We appreciate your interest in our company and our products and services and want you to feel secure when visiting our website, including with regard to the protection of your personal data. We want you to know when we store which data and how we use it. We are subject to the provisions of the Swiss Federal Act on Data Protection (FADP) and/or - if we offer our goods and services in the EU/EEA area - the provisions of the European General Data Protection Regulation (GDPR). We have taken appropriate technical and organisational measures to ensure that the data protection regulations are observed both by us and by service providers commissioned by us.
This data protection information applies to our online webshop at the address www.diaqua.com (address hereinafter also referred to as website or webshop). The following information provides you with an overview of what happens to your personal data when you visit this online shop. Personal data is any data with which you can be personally identified.
The terms used in this privacy policy, such as controller or personal data, are used in accordance with the definitions of the FADP or the definitions of the GDPR. For reasons of readability and thus also in the sense of a comprehensible information transfer, the naming of individual articles, paragraphs or similar is generally omitted.
The controller for the purposes of data protection legislation is
Diaqua AG
Pfeffingerstrasse 21
4153 Reinach-Basel
Switzerland
Phone: +41 61 716 75 11
Email: info@diaqua.ch
A Data Protection Officer and a representative in the Union have been appointed by the controller. His contact details are:
Michael Kranzer
Bechtle GmbH IT-Systemhaus Freiburg
Leinenweberstraße 1
79108 Freiburg im Breisgau
Germany
Email: ch.datenschutz@neoperl.com
In principle, the processing of personal data is not permitted within the framework of data protection regulations unless there is a legally permissible reason for authorisation. We are obliged to inform you about the legal basis for data processing.
Insofar as we obtain your consent for processing personal data, this serves as the legal basis.
The fulfilment of the contract serves as the legal basis for the processing of personal data that is necessary for the fulfilment of a contract to which you are a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
If the processing of personal data is necessary for compliance with a legal obligation to which we are subject, this serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, this serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests are not overridden by your fundamental rights and freedoms, this shall serve as the legal basis for processing.
The GDPR ensures a consistently high level of data protection within the European Union (EU) and the European Economic Area (EEA). The DPA guarantees a high level of data protection in Switzerland. When selecting our service providers and cooperation partners, we therefore rely on partners in Switzerland or the EU and EEA wherever possible if your personal data is to be processed.
If we have your data processed in a third country - i.e. outside the EU/EEA or Switzerland - this is always done in accordance with the legal requirements.
In addition to your express consent or contractually or legally required transfer, we only have your data processed in third countries with a recognised level of data protection through a contractual obligation using the so-called standard contractual clauses of the EU Commission and the implementation of sufficient additional measures in the presence of certifications or binding internal data protection regulations.
Your personal data is currently processed at the following data locations:
Within our company, we ensure that only those persons receive your data who need it to fulfil contractual and legal obligations.
In some cases, we use carefully selected external service providers to process your data. If data is passed on to service providers as part of so-called order processing, this is done in accordance with the requirements of the GDPR. Our processors are carefully selected, bound by our instructions and checked at regular intervals. We only commission processors who offer sufficient guarantees that suitable technical and organisational measures are taken to ensure that processing is carried out in accordance with the requirements of the GDPR and BDSG and that your rights are protected.
In principle, we do not disclose any personal data to third parties without your express consent. If we nevertheless disclose your data to third parties in the course of processing, transfer it to them or otherwise grant them access to the data, this is also done exclusively on the basis of one of the aforementioned legal bases.
For example, we transfer data to payment service providers or suppliers if this is necessary to fulfil the contract. If we are obliged to do so by law or by court order, we must transfer your data to the respective authorised bodies.
If you make an enquiry on our website - for example by using the contact form or contacting us by e-mail - your personal data will be processed in order to answer your enquiry:
If your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures, this purpose forms the legal basis for this processing.
In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us or, if applicable, on your consent.
We process data of our contractual and business partners, e.g. suppliers, customers and interested parties (hereinafter referred to as business partners) in the context of contractual or comparable legal relationships as well as associated measures and in the context of communication with our business partners.
We process this data to fulfil our contractual obligations, to secure our rights and for the purposes of the associated administrative tasks and our corporate organisation. We only pass on the data of our business partners to third parties within the framework of the applicable law insofar as this is necessary for the aforementioned purposes or to fulfil legal obligations or with the consent of the data subjects (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, as part of this data protection notice.
We will inform our business partners which data is required for these purposes before or as part of the data collection.
We will delete or block your personal data as soon as the purpose for processing no longer applies. However, data may be stored beyond this period if this is required by legal regulations to which we are subject. This applies in particular to data that must be stored for legal archiving reasons (e.g. for commercial law reasons usually for 6 years or for tax law reasons usually for 10 years).
Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. email, telephone numbers), contract data (e.g. subject matter of contract, term).
Provision of contractual services and customer service, contact requests and communication, internal organisational procedures, managing and responding to enquiries.
Contract performance/pre-contractual enquiries, Legal obligation Legitimate interests.
We do not use automated decision-making or profiling (also known as processing of personal profiles in Switzerland).
You can use our online services without disclosing your identity. In this section, we explain when and in what context we process data when you use our online services, which services we have implemented from service providers, how they work and what happens to your data.
Our services are generally aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians.
We use transport encryption to protect your transmitted data in the best possible way. To ensure the security of your data during the transmission process, we use a state-of-the-art SSL/TLS encryption method.
If you only use our websites for information purposes, i.e. if you do not register for an offer, conclude a contract with us or otherwise disclose information to us, we only collect the personal data that your browser transmits to our servers.
When you visit our websites, we collect the following data, which is technically necessary for us to be able to display our websites to you and to ensure stability and security:
This data is temporarily stored in the log files of our system for a maximum of seven days. Storage beyond this period is possible, but in this case the IP addresses are shortened or anonymised so that it is no longer possible to identify the accessing client. The log files are not stored together with other personal data relating to you in this context. The legal basis for these processing operations is our legitimate interest.
Since the collection of data to display the websites and the storage of data in log files is absolutely necessary for the operation of our websites and the maintenance of IT security, you have no option to object in this respect.
Personal data is required to maintain a customer account. The required data is marked with an "*" in the registration form. By registering, you consent to the use of this data for the purpose of account management. For orders via the shop, further data is required depending on the type of payment. We work together with electronic payment service providers to process electronic payments. Your personal data will be transmitted for these processing purposes.
In addition to the aforementioned data, cookies are stored on your end device when you visit our website. Cookies are data records that can be sent from a website to the browser, which stores them and sends them back. Various data can be stored in cookies, which are read by the organisation that sets the cookie. As a rule, they contain a characteristic character string (ID) that enables the browser to be uniquely identified when the website is called up again or a page is changed. They are primarily used to make our online services more user-friendly and effective overall. The user data collected in cookies is pseudonymised by technical precautions, which means that it is generally no longer possible to assign the data to the accessing user. Insofar as identifiability is given, such as in the case of a login cookie whose session ID is necessarily linked to the user's account, we will point this out to you at the appropriate point.
We use different types of cookies:
In addition to so-called "first-party cookies", which are set by us as the data controller, "third-party cookies" are also used, which are offered by other providers.
The legal basis for the processing of your personal data is your consent.
We use a so-called cookie management solution. This enables you to manage the cookies we use and the consents you have given, to find out more information about the respective data processing and to view the purpose and storage period of the cookies used.
The provider of this solution is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (hereinafter Consent Manager Provider).
When you enter our website or webshop, a connection is established to the Consent Manager Provider's servers in order to provide you with information about the data processing and to give you the opportunity to consent to data processing that requires your consent. Consent Manager Provider then stores a cookie in your browser in order to be able to allocate the consents given to you or their revocation. The data collected in this way is stored until you ask us to delete it, delete the Consent Manager Provider cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.
We use this solution to fulfil our legal obligations in the context of the use of cookies and similar technologies.
This webshop is hosted by an external service provider (host provider). The personal data collected in our webshop is stored on the host provider's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
The hoster is used for the purpose of initiating and fulfilling contracts with our potential and existing customers and in the interest of a secure, fast and efficient provision of our online offer by a professional provider.
Our hoster will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data.
We use the following host provider:
If you purchase goods in our webshop, we process the payment information collected in this context for the purpose of processing the payments.
The data processed by the payment service providers includes inventory data such as name and address, bank details such as account numbers or credit card numbers, TANs and checksums as well as contract, total and recipient-related details. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection notices of the payment service providers.
The terms and conditions and data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications, apply to payment transactions. We also refer to these for further information and the assertion of cancellation, information and other data subject rights.
We work together with partner companies to offer individual payment methods. These partner companies are:
Payment via credit card, PayPal and Twint is processed via this partner.
If you have given your consent, Facebook Pixel is used on this website. This is a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). Facebook Pixel enables Meta to display our adverts on Facebook (so-called Facebook Ads) only to those Facebook users who have visited our website, in particular those who have shown an interest in our online offering or in certain topics or products. Facebook pixels make it possible to check whether a user was redirected to our website after clicking on our Facebook ads. We use Facebook pixels for marketing and optimisation purposes, in particular to place relevant and interesting ads for you on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying ads.
If you are logged in to Facebook with your user account, your visit to our website will be noted in your user account. The data collected about you is anonymous to us and does not allow us to draw any conclusions about your identity. We have no influence on the scope and further use of the data processed by Facebook through the use of Facebook pixels. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account. You can deactivate the remarketing function "Custom Audiences" in the settings for adverts in your Facebook account. Even if you are not registered with Facebook or have not logged in, there is a possibility that Facebook will find out and store your IP address and any other identifying features.
Meta also processes your data outside the EU/EEA and Switzerland, i.e. in countries where there is no level of data protection that meets European standards. Meta legitimises these transfers with the EU standard contractual clauses.
Meta's parent company is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Meta cannot be ruled out. From a data protection perspective, the USA is currently considered a third country. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
The recipients / categories of recipients can be found in our cookie management tool.
You can find out how long the cookies are stored on your end device in our cookie management tool.
The legal basis for the use of Facebook Pixel is your voluntarily given consent.
You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected by this.
If you have given your consent, Google Analytics 4 is used on this website. This is a web analytics service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). You can find more information on Google's terms of use and data protection here and here.
Google Analytics uses cookies that enable your use of the website to be analysed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
However, we would like to expressly point out that Google generally processes data for its own purposes, in particular for the purpose of providing its web analysis and tracking service. As part of Google Analytics, further usage data is collected, which is to be evaluated as personal data, such as identification features of the individual users, which also allow a link to an existing Google account, for example.
During your website visit, your user behaviour is recorded in the form of events. Events can be:
In addition, the following is recorded:
On our behalf, Google will use this information to analyse your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.
We use the "demographic characteristics" function of Google Analytics to be able to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person.
We use the "e-commerce tracking" function of Google Analytics. With the help of e-commerce tracking, we can analyse the purchasing behaviour of website visitors to improve our online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.
Google Remarketing analyses your user behaviour on our website (e.g. clicking on certain products) in order to target you. Google Remarketing analyses your user behaviour on our website (e.g. clicking on certain products) in order to categorise you into certain advertising target groups and subsequently display suitable advertising messages to you when you visit other online offers (remarketing or retargeting).
In addition, the advertising target groups created with Google Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If data is processed outside the EU/EEA and Switzerland and there is no data protection level corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an adequate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Recipients of the data are/may be
You can find out how long the cookies are stored on your end device in our cookie management tool.
The data sent by us and linked to cookies, user IDs or advertising IDs are automatically deleted after 60 minutes. The deletion of data whose retention period has been reached is automated once a month.
The legal basis for the use of Google Analytics is your voluntarily given consent.
You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected
If you have given your consent, Google Ads including conversion tracking will be used on this website. This is a service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). Google Ads is a web analysis service. We use conversion tracking to advertise our website in a targeted manner:
If you click on an advert placed by Google, the conversion tracking we use stores a cookie on your end device. If you visit a certain page of our website, both we and Google can analyse that you have clicked on one of our ads placed on Google and that you have subsequently been redirected to our website.
Through the information collected in this way, Google creates statistics for us about the visit to our website. We also receive information about the number of users who have clicked on our advert(s) and about the pages of our website that were subsequently accessed. This information is used to compile conversion statistics for Ads customers who have opted for conversion tracking. The customers, i.e. we as the website operator, find out the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
In so far as data is processed outside the EU/EEA and Switzerland and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider in order to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
The legal basis for the use of Google Ads is your voluntarily given consent.
You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected.
The recipients / categories of recipients of the collected data can be found in our cookie management tool.
You can find out how long the cookies are stored on your end device in our cookie management tool.
If you have given your consent, Google Marketing Platform is used on this website. This is a service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google).
The Google Marketing Platform is an online marketing solution and uses cookies, among other things. Google uses a cookie ID to record which adverts are displayed in which web browser. Google Marketing Platform can also use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, if you see such an advert and later use the same web browser to access the advertiser's website and make a purchase there.
Please note that, with your consent, data may also be transferred to a third country outside the EU/EEA, which may have a lower level of data protection than the EU.
We use DV360 for marketing and optimisation purposes, in particular to display ads that are relevant and interesting to you, to improve campaign performance reports or to prevent you from seeing the same ads more than once.
If data is processed outside the EU/EEA and Switzerland and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an adequate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
The recipients / categories of recipients of the collected data can be found in our cookie management tool.
You can find out how long the cookies are stored on your end device in our cookie management tool.
The legal basis for the use of the Google Marketing Platform is your voluntarily given consent.
You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected by this.
Our website uses Google Tags. This is a service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). Google Tag Manager is a solution that allows us to manage website tags via an interface. Tags are small code elements on our website that are used, among other things, to measure traffic and visitor behaviour.
The Tag Manager tracks a series of tags and trigger rules that determine when these tags should be used on our website. When you visit our website, the current tag configuration is sent to your browser. It contains instructions on which tags should be triggered. The Tag Manager triggers tags, which in turn may collect data. The Tag Manager itself does not access this data as it is operated via a cookie-less domain and does not collect any personal data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Google itself collects information about how the service is used and which tags are implemented in which way. According to Google, this data is used to improve, maintain, protect and further develop the service.
For more information, please refer to the Google Tag Manager usage guidelines and the Google privacy policy.
If data is processed outside the EU/EEA and Switzerland and there is no data protection level corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
You can find out how long the cookies are stored on your end device in our cookie management tool.
The legal basis for the use of Google Tag Manager is your voluntarily given consent.
You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected by this.
We have integrated videos at various points on our website. We use the provider Vimeo, Inc, 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as vimeo). Vimeo is a video platform that enables the posting and streaming of videos.
If you have given your consent, a connection to the vimeo servers in the USA will be established when you access videos via vimeo on our website. As a result, certain information is transmitted to vimeo, regardless of whether you have a vimeo account or not. This can be, for example:
Vimeo also processes your data outside the EU/EEA and Switzerland, i.e. in countries where no third country transfer takes place. i.e. in countries in which there is no level of data protection corresponding to the European standard. Vimeo relies, among other things, on the standard contractual clauses of the European Commission. Further information on this can be found at https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights in the GDPR (EEA Users) section.
Vimeo is based in New York, USA. A transfer of data to the USA and access by US authorities to the data stored by Vimeo cannot be ruled out. The USA is currently considered a third country in terms of data protection law. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Vimeo may share your data with third parties. These are, for example, affiliated companies, business partners and advertising partners who in turn use tracking technologies on the vimeo website. This involves independent processing by vimeo, over which we have no influence.
For more information on data protection at Vimeo, please see here.
We offer you the option of subscribing to our free email newsletter. We only send this newsletter with your consent. When you register for a newsletter, the data from the input screen (name and email address) is transmitted to us and stored for as long as the subscription to the newsletter is active.
Your consent is obtained for the processing of this data for the purpose of sending the newsletter and reference is made to this data protection notice. We use the so-called "double opt-in procedure" for the registration process. Once you have registered, you will receive an email in which you must click on a link to confirm your registration. This prevents unauthorised third parties from registering using your email address.
We log the registration process in order to be able to prove the process in accordance with legal requirements. The IP address of the accessing end device, date and time of registration are stored. The data you provide will be stored for as long as the subscription to the newsletter is active.
You can cancel the subscription at any time. For this purpose, there is a corresponding unsubscribe link in every newsletter. This also allows you to withdraw your consent. The legal basis for the processing of your data is your voluntarily given consent to receive newsletters.
Our newsletters contain a pixel-sized file (a so-called web beacon or tracking pixel), which is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is collected.
This information is used, among other things, for the technical improvement of our newsletter. In addition, we would like to determine your access time and your reading behaviour based on your retrieval location. This analysis includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual recipients. It is in no way in our interest to observe individual users. Rather, the evaluations help us to recognise the reading habits of our users and to adapt our content to them or to send different content that reflects the interests of our user groups.
The evaluation of the newsletter and the measurement of success are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purposes of using a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of the users.
Unfortunately, it is not possible to revoke the measurement of success separately. If you wish to object to performance measurement, you must cancel your newsletter subscription. This means that if you have consented, you must revoke your consent.
The legal basis for sending our newsletter is your voluntarily granted consent:
You can cancel your subscription to our newsletter at any time, i.e. revoke your consent or object to further receipt. You will either find a link to unsubscribe from the newsletter at the end of each newsletter or can otherwise use one of the contact options provided above, preferably by email.
We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. In the event of obligations to permanently observe objections, we reserve the right to store the email address in a blacklist for this purpose alone.
The recipient of the collected data is the following processor:
ActiveCampaign Inc, 1 N Dearborn, 5th Floor Chicago, Illinois 60602, USA
ActiveCampaign processes your data outside the EU/EEA and Switzerland, i.e. in countries where the level of data protection does not meet European standards. The data transfer with ActiveCampaign takes place using the standard contractual clauses, which you can view as examples: https://www.activecampaign.com/legal/newscc
ActiveCampaign is based in Chicago, USA. A transfer of data to the USA and access by US authorities to the data stored by ActiveCampaign cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
As a data subject, you are entitled to various rights, which we would like to inform you about below. Depending on the reason for and type of processing of your personal data, you are entitled to the rights described in the following sections.
As a data subject, you have the right to obtain information from us as to whether we process your personal data and, if this is the case, which of your personal data we process.
You also have the right to request from us a copy of your personal data that is the subject of processing.
You have the right to obtain from us without undue delay the rectification of any of your personal data that you consider to be inaccurate.
You also have the right to request that we complete any personal data that you consider to be incomplete.
If the legal requirements are met, you can request the erasure of your personal data.
This is the case, for example, if we process your data based on your consent and you withdraw this consent.
However, we are not permitted to erase data if we are required to store it due to statutory retention periods, for example. We also cannot comply with your request for erasure if it is necessary for us to process your personal data for the establishment, exercise or defence of legal claims.
Under certain circumstances, you as the data subject have the right to request that we restrict the processing of your personal data.
One of these circumstances is, for example, if you dispute the accuracy of your personal data. Or the case in which we no longer need your personal data, but you need this data for the assertion, exercise or defence of legal claims.
If we process your personal data on the basis of a legitimate interest, you have the right to object to this processing if this arises due to your particular personal situation. However, this right to object does not apply if there is a compelling public interest in the processing which overrides your interest, if we are obliged to process the data by law or if the processing serves the establishment, exercise or defence of legal claims.
If we use your personal data for direct marketing purposes, you have the right to object at any time to the processing for the purpose of such marketing. If you object to processing for this purpose, your personal data will no longer be processed for this purpose.
If we process your data on the basis of your consent, you have the right to withdraw your consent at any time with effect for the future. Your withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You only have this right with regard to personal data that you have provided to us yourself. You have the right to request that we transfer this personal data directly to another controller.
Alternatively, you have the right to request that we provide you with your data in a machine-readable format. However, this only applies if we process your personal data on the basis of your consent or on the basis of a contract and the processing is carried out using automated procedures.
You also have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates data protection regulations.
This privacy policy will be amended from time to time. These adjustments are made, for example, when technical progress, legal requirements or other influences result in changes.
Status: March 2022
The original text was written in German; in the event of legal disputes, the German version applies.