Privacy Notice FAIRTIQ Website

Update: 31.08.2023

We are very pleased about your interest in our company. Data protection is of a particularly high priority for the whole FAIRTIQ team.

Personal data (such as name, address, e-mail address,phone number) is processed in line with the Swiss Federal Act on Data Protection (FADP), the EU General Data Protection Regulation (GDPR) and any other country-specific data protection regulations applicable to FAIRTIQ Ltd. Through the following privacy notice, we would like to inform you about the type, scope and purpose of the personal data we process. Furthermore, you will be informed about the rights you are entitled to.

This privacy notice applies to the use of our website, to applications via our website and to our social media accounts. The privacy notice applicable to the use of the FAIRTIQ Ticketing app is available directly in the app or on our website.

1. Definitions

Terms used in this notice refer to the terminology of the FADP and the GDPR. Below, you’ll find an overview of the most important definitions:

a. Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject").

b. Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

c. Processing

Processing is any handling of personal data, regardless of the means and procedures used, in particular the acquisition, storage, retention, use, modification, disclosure, archiving, deletion or destruction of data.

d. Profiling and automatic decision-making

Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

Automated decision-making is based on automatic data processing without human intervention. Examples of such processing are the automatic rejection of an application without any human intervention.

e. Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the addition of further information. To ensure this, the identifying information is kept separate from other information.

f. Controller or person responsible for the processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

g. Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

h. Recipient

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

i. Third Party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

j. Consent

Consent is when the data subject (you) voluntarily gives consent to one or more data processing operations after having been adequately informed. Consent may be given explicitly or, if permissible, by any other unambiguous act by which you indicate that you consent to the processing of personal data relating to you.

k. Third country

According to the definition of the FADP, a third country is any country other than Switzerland. According to the GDPR definition, third countries are all countries without direct applicability of the GDPR.

l. Organisational and technical measures

We implement numerous technical and organisational measures to protect your data in the best possible way. These include pseudonymisation, the use of up-to-date anti-virus software, access restrictions on the persons who process your personal data and many other measures. Despite adherence to high data protection standards, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone.

2. Contact and address of the controller

FAIRTIQ Ltd.
Aarbergergasse 29
3011 Bern
Switzerland
info@fairtiq.com
https://fairtiq.com/en/

3. Contact and address of the Data Protection Officer (DPO)

FAIRTIQ AG
Data protection
Aarbergergasse 29
3011 Bern
Switzerland
dataprotection@fairtiq.com
https://fairtiq.com/en/

Our data protection officer can be contacted directly and anytime with all questions and suggestions related to data protection.

Alternatively, you can contact our data protection representation in the EU at the following address:

FAIRTIQ Austria GmbH, Data Protection, Straubingerstrasse 12, 5020 Salzburg, Austria, dataprotection@fairtiq.com

4. Cookies / Tools

We use cookies on our website. Cookies are text files that are placed and stored on a computer system via an internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which internet pages and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish your individual browser from other Internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID.

Through the use of cookies, we can provide you with more user-friendly services that would not be possible without the cookie setting.

Cookies enable us, as already mentioned, to recognise the users of our website. The purpose of this recognition is to make it easier for you to use our website. For example, if you allow us to use cookies, you will not have to re-enter your access data each time you visit the website. Some cookies are necessary for the technical operation of the website. Without these cookies, the website cannot be visited. These cookies cannot be switched off using the cookie banner.

However, you can prevent the setting of most cookies at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an internet browser or other software programmes. This is possible in all common Internet browsers. If you deactivate the setting of cookies in your internet browser, you may not be able to use all the functions of our website to their full extent.

a. Technical cookies

Technically necessary cookies are required for our website to function. Therefore, these cookies cannot be switched off in our systems. They usually record important actions, such as the number of requests made, editing your privacy settings or filling out forms. Although you can block these cookies in your browser, some parts of our website may then no longer function.

The legal basis for data processing when using technically necessary cookies is our legitimate interest, which lies primarily in ensuring the functionality and improvement of our website.

b. Analytical and marketing cookies

Analytical cookies allow us to analyse visitor behaviour and traffic sources so that we can measure the performance of our website and improve the user experience. They help us to see how popular which pages are and show how visitors move around our website.

Marketing cookies allow us to deliver advertising that is relevant to you. These cookies can remind you that you have visited our website and share this information with other companies, including other advertisers.

You can object to the use of cookies, for example (i) by choosing the appropriate settings in your browser, (ii) by using appropriate cookie blocking software (e.g. ghostery etc.) or (iii) by making the appropriate selection in the consent banner.

c. Privacy notice on the use and application of Google Tag Manager

We are using the Google Tag Manager for our website, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool which helps to integrate tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 para. 1 lit. f DSGVO. As a website operator, we have a legitimate interest in a quick and uncomplicated integration and management of various tools on our website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Further information and the applicable data protection provisions of Google can be accessed at https://policies.google.com/privacy?hl=en&gl=de.

d. Policy on the use and application of the Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Further information and the applicable data protection provisions of Google can be accessed at https://www.google.de/intl/de/policies/privacy/.

e. Social Media Plug-ins

We use the following social media plug-ins on our website. We use the so-called two-click solution, whereby no personal data is initially passed on to the providers of the plug-ins when you visit our website. Only when you click on the marked plug-in field and thereby activate it, does the plug-in provider receive the information that you have accessed our website. The legal basis for processing your data in connection with social media plug-ins is our legitimate interest in enabling our users to use the social media plug-ins.

We have no influence on the data collected and data processing procedures of the plug-in providers. These are subject to the respective data protection declarations of the third-party providers. For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers communicated below.

● LinkedIn: LinkedIn Ireland Unlimited Company: https://www.linkedin.com/legal/privacy-policy

● XING: New Work SE: https://privacy.xing.com/de/datenschutzerklaerung

● Facebook: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

● Youtube: https://policies.google.com/privacy

● Instagram: https://privacycenter.instagram.com/policy

● X (Twitter): https://twitter.com/de/privacy

5. Processed personal data and processing purposes

Each time you visit our website, the following general data and information can be collected and stored in our server’s log files:

● browser types and versions used;

● operating system used by the accessing system;

● website from which an accessing system arrives at our website (so-called referrer);

● sub-websites that are accessed via an accessing system on our website;

● date and time of access to the website;

● internet protocol (IP) address;

● Internet service provider of the accessing system; and

● other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

This information is required to:

● deliver the contents of our website correctly;

● optimise the content of our website and the advertising for it;

● ensure the permanent functionality of our information technology systems and the technology of our website; and

● provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

These data and information are evaluated by us statistically, as well as to increase data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process.

The data of the server log files are stored separately from all personal data provided by you.

6. Registration on our website

You have the option to use a contact form on our website. The necessary contact data (name, e-mail address, phone number, content of the message) will be stored. The personal data you enter will be collected and processed exclusively for internal use at FAIRTIQ.

For items to order or purchase through a FAIRTIQ online shop, the specific privacy notice available on the relevant website applies.

By registering on our website, your IP address assigned by your internet service provider (ISP), the date and the time of registration are also stored. This is the only way to prevent misuse of our services and, if necessary, to enable us to investigate criminal offenses that have been committed. As a matter of principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.

Your registration and any messages you send us via the contact form are used by us to offer you content or services which, by their nature, can only be offered to registered users. You are free to change the personal data provided during registration or to have it completely deleted from the controller's database.

7. Newsletter

We offer the registration for newsletters on the website. We will use the newsletter to inform you at regular intervals about offers from our company, provided you have registered for it. This usually takes place by way of an e-mail, but can also happen in other ways.

On the website you will find a registration form for receiving the newsletter. In order for FAIRTIQ to be able to send you a newsletter, the e-mail address, first and last name and the selected language are required. After entering the mask, you will receive a confirmation e-mail. This confirmation e-mail serves to check whether the owner of the e-mail address as the data subject has authorised receipt of the newsletter.

In every newsletter sent by us, you will find an unsubscribe function with which you can unsubscribe from receiving the newsletter at any time.

When you register, we also store the IP address of the computer system used by you at the time of registration as well as the date and time of registration, which is assigned by the Internet service provider (ISP). The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later point in time and therefore serves as a legal safeguard for the controller.

The personal data collected in the context of a registration will be used exclusively for sending information concerning FAIRTIQ. Furthermore, subscribers could be informed by e-mail if this is necessary for the operation of this service or a related registration, as could be the case in the event of changes to the offer of the information sent or in the event of a change in the technical circumstances.

No personal data collected as part of the service will be passed on to third parties.

8. Tracking

The information sent by FAIRTIQ via e-mail contains so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the FAIRTIQ AG may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by the data subject.

Such personal data collected via the tracking pixels contained in the e-mails sent are stored and evaluated by us in order to optimise the dispatch and to better adapt the content of future information to your interests. This personal data is not passed on to third parties.

9. Contact option via the website or by e-mail

Our website contains a contact mask in order to enable a quick electronic contact to our company as well as direct communication with us. You can also use our e-mail address to contact us. If you contact us by e-mail or via a contact form, the personal data you provide will be automatically stored. We use your data to maintain contact and to process your enquiries and requests. This personal data is not passed on to third parties.

We use the ticket system of Zendesk, Inc., 989 Market Street, Suite 300 San Francisco, CA 94102, USA to organise the requests and for the FAQ. The request and the information you enter, as well as the date and time of the request, are processed by Zendesk and transferred to FAIRTIQ's ticket system. Data may be sent to servers in the USA in this case. If you do not wish the request to be processed by Zendesk, please use the direct contact with the customer service at info@fairtiq.com. Please also note the privacy notice of Zendesk: https://www.zendesk.com/company/agreements-and-terms/privacy-notice/

10. Data transfer to third countries

In some cases, we transfer personal data to recipients in third countries. Insofar as the EU Commission or the Federal Data Protection and Information Commissioner (FDPIC) has not decided that these countries offer a sufficient legal level of protection for your personal data, we must either ensure that we implement sufficient guarantees for your personal data or that one of the legal exceptions applies.

As safeguards according to Art. 46 para. 2 lit c GDPR or Art. 16 para. 2 FADP, we regularly use EU or FDPIC-approved standard contractual clauses with recipients in third countries that are not recognised as secure. Nevertheless, in some countries there is a risk that your data may be requested by national authorities for control and monitoring purposes, without the conditions being clearly regulated or corresponding legal remedies being available. Where such risks exist, and are considered unreasonable by the jurisprudence of the European courts, we will put in place additional safeguards and agreements where possible.

In some cases, we also obtain your explicit consent pursuant to Art. 49 para. 1 sentence 1 lit. a GDPR to this transfer of data to recipients in unsafe third countries. This is the case, for example, if our partners use cookies or comparable technologies on our website. If you give your consent, you accept that the risks described above, in particular of access to your data by foreign authorities, occur without further guarantees being agreed or additional protective measures being taken.

Data transfer is possible to the following countries/regions:

● European Economic Area

● Switzerland

● United Kingdom

● USA

● Canada

● Singapore

11. Your rights

Your rights are based on Articles 25 to 29 of the FADP and Articles 15 to 22 of the GDPR. You can assert your rights against us using the contact details provided.

a. Right to confirmation

You have the right to request confirmation from us as to whether your personal data is being processed.

b. Right to information

You have the right to obtain information about the data concerning you from us free of charge at any time. You will receive information about:

● the processing purposes;

● the categories of personal data that are processed;

● the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;

● if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;

● the existence of a right to obtain the rectification or erasure of personal data concerning them or to obtain the restriction of processing by the controller or a right to object to such processing;

● the existence of a right of appeal to a supervisory authority;

● if the personal data are not collected from the data subject: All available information on the origin of the data;

● the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You also have the right to know whether your personal data has been transferred to a third country or to an international organisation. If this is the case, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.

c. Right of rectification

You have the right to request that any of your personal data that may be inaccurate be corrected without delay. You also have the right to request for incomplete personal data to be completed, including by means of a supplementary declaration, taking into account the purposes of the processing.

d. Right to erasure (right to be forgotten)

You have the right to request that we delete your personal data without delay, provided that one of the following reasons applies and insofar as the processing is not necessary:

● The purpose for data processing has ceased to exist

● You withdraw your consent (and we have no legal obligation to still process the data anyway)

● You object to the processing (and we have no legitimate interests in continuing to process your data and no legal obligations to process the data)

● The personal data were processed unlawfully.

● The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

e. Right to restrict processing

You have the right to request for the processing of your personal data to be restricted, if one of the following conditions is met:

● You legitimately dispute the accuracy of the personal data; or

● the processing is unlawful and you wish to have the processing restricted (instead of deleted); or

● you need the data for your own purposes (to assert, exercise or defend legal claims); or

● we no longer need the data; or

● you have objected to the processing and it is not yet clear whether the processing is lawful or not.

f. Right to data portability

You have the right to receive your personal data in a structured, common and machine-readable format. You also have the right - if we process your data automatically and this is technically possible - to request the transmission of this data electronically to another person responsible.

g. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of legitimate interest. This also applies to profiling based on these provisions.

We will no longer process the personal data in the event of objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests and rights; or the processing serves the assertion, exercise or defence of legal claims.

You have the right to object to the processing of your personal data for marketing purposes (especially newsletters) at any time. This also applies to possible profiling, insofar as it is connected with such direct marketing. If you object to this processing, we will immediately stop processing. In addition, you have the right to object, on grounds relating to your particular situation, to the processing of your personal data which is carried out by us for scientific or historical research purposes or for statistical purposes. We will stop the processing unless such processing is necessary for the performance of a task carried out in the public interest.

h. Automated decisions in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects to you or similarly significantly affects you. Exclusively automated processing is permitted if it is necessary for the conclusion or performance of a contract with you, or is permitted by law, or you have given your explicit consent.

i. Right to revoke consent under data protection law

You have the right to withdraw your consent to the processing of your personal data at any time.

12. Data processing in the application process

a. Application process

You can apply for a position at FAIRTIQ (e.g., on the website via the input mask or by e-mail).

During the the application process, we process your related personal data to the extent that this is necessary to decide on the establishment of an employment relationship, e.g.:

● Contact and communication data

● Application documents (CV, references, certificates, letters of motivation and other documents);

● Notes taken during interviews etc.

● Your residence status and nationality

The legal basis for this is Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. The consent can be withdrawn at any time.

Your personal data is first processed centrally by HR and then passed on exclusively within our company to persons who are involved in the application process as decision-makers.

If the application is successful, the data submitted by you will be stored in our systems on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of conducting the employment relationship.

If we do not conclude an employment contract with you, we reserve the right to retain your personal data for six months after the ending of the application procedure. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.

Longer retention may also apply if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations prevent deletion (Art. 6 para. 1 lit. C GDPR).

b. Applicant pool

If we do not offer you a job, it may be possible to register in our applicant pool. In this case, all documents and details from your application will be added to the applicant pool in order to contact you in the event of suitable vacancies. Registration in the applicant pool is based exclusively on your explicit consent (Art. 6 Para. 1 lit. a GDPR). The provision of consent is voluntary and is not related to the current application process. The person concerned can revoke consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

c. Contact for applicants (withdrawal/request for information/request for deletion):

job@fairtiq.com

13. Lead Gen Forms

We use so-called Lead Gen Forms as part of our efforts to acquire new customers and staff as well as to target prospects more precisely. Lead Gen Forms are advertisements in social networks that enable the integration of contact forms in sponsored content. Lead Gen Forms are particularly important for us in the B2B sector. We use the Lead Gen Forms services of the following provider:

● LinkedIn (LinkedIn Lead Generation)

These Lead Gen Forms services allow you, as a user of a given social network, to provide us with your email address or other user information. LinkedIn uses forms for lead generation and functions and content of the LinkedIn service can be integrated. If you are a member of the LinkedIn platform, LinkedIn can assign the call-up of the above-mentioned content and functions to the user's profile there.

Further information on data protection and the Lead Gen Ads from LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy and https://business.linkedin.com/en-us/marketing-solutions/native-advertising/lead-gen-ads respectively. You have the option to prevent this in the future if you set an opt-out cookie: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

14. Legal basis of the processing

We process personal data based on the following legal basis:

●Your consent (Art. 6, 30 and 31 FADP and Art. 6 para. 1 lit. a GDPR): For example, when you subscribe to our newsletter, when you apply for a position via our application form on the website, when you agree to our cookies; and / or

●To fulfil pre-contractual measures or for legitimate interest (Art. 6, 30 and 31 FADP and Art. 6 para. 1 lit. b and f GDPR): For example, if you apply for a position via our application mask on the website, if we use technically necessary cookies; and / or

●due to legal obligation (Art. 6, 30 and 31 FADP as well as Art. 6 para. 1 lit. c GDPR).

15. Duration for which the personal data is stored

We only store data as long as we have your consent and / or the processing purposes require it and / or it is necessary to maintain the contractual relationship, to initiate a contract, for application purposes, to provide the newsletter or to ensure legal requirements (including retention period). The data is deleted if a purpose ceases to apply or if you revoke your consent (unless we have to retain the data due to a legal obligation).

16. Existence of automated decision making

As a responsible company, we refrain from automated decision-making or profiling whenever possible. As part of the application process via the website or by email, we use a tool that may use automated processes to pre-screen applications (but with human review).

17. Contests

a. Purpose of data processing/legal basis

You have the opportunity to participate in various contests on our website, from our newsletter or on our accounts in social networks. Unless otherwise stipulated in the respective contest or you have given us further express consent, the personal data you pass on to us as part of your participation in the contest will be used exclusively for the purpose of processing the contest (e.g. determining the winner, notifying the winner, sending the prize, anonymous announcement of the winner if applicable). If you act under a real name in the social network concerned or are recognisable via photos in your profile, identification by other users on our part cannot be excluded.

The legal basis for data processing in the context of contest is generally Art. 6 para. 1 lit. b GDPR. In the event that a declaration of consent is submitted in the context of a competition, Art. 6 para. 1 lit. a GDPR is the legal basis for the data processing based on the consent. If you have given your consent in the context of a competition, you have the option of withdrawing it at any time with effect for the future.

b. Recipients/categories of recipients

Data will only be passed on to third parties if this is necessary for the implementation of the competition or the sending of the prize (for example, sending of the prize by the sponsor of a competition or passing on of the data to a logistics company) or if you have given us your express consent to do so. Please note that on some pages on social networks, participation may also be possible directly on the publicly visible web presences (for example on the pinboard or via comments) and thus other users can also see the fact of your participation publicly through your interaction with us. In addition, in such cases, the fact of your winning may also be recognisable on the respective page. If you act under a real name in the social network concerned or are recognisable via photos in your profile, identification by other users on our part cannot be ruled out.

c. Retention period

After the end of the contest and announcement of the winners, the personal data of the participants will be deleted by the contest management portal as soon as the purposes of processing are fulfilled. In the case of non-cash prizes, the winners' data will be retained for the duration of the statutory warranty claims in order to arrange for rectification or replacement if necessary in the event of a defect. When participating in a contest on a page (e.g. by post or comment), we have no means of influencing the deletion of your data by the operator of the social network. Therefore, the data protection provisions of the respective operator of the account also apply.

18. Social media accounts

Please find below information on how we handle your data on our social network pages in accordance with Article 13 of the General Data Protection Regulation (GDPR).

a. Controller

We, FAIRTIQ, are partly controllers for the data processing described below:

FAIRTIQ Ltd.
Aarbergergasse 29
3011 Bern
Switzerland
info@fairtiq.com
https://fairtiq.com/en/

and partly the respective operators of the network networks (‘platforms’).

For certain processing operations, we and the platform operators also act as joint controllers within the meaning of Article 26 of the GDPR (processing operations pursuant to Section d).

We, operate the following social network accounts ("account"):

● Facebook: https://www.facebook.com/FAIRTIQ

● Instagram: https://www.instagram.com/fairtiq/

● LinkedIn: https://www.linkedin.com/company/fairtiq/

● Twitter: https://twitter.com/FAIRTIQ

● TikTok: https://www.tiktok.com/@fairtiq

● Mastadon: https://ohai.social/@FAIRTIQ

● Youtube: https://www.youtube.com/channel/UCMNKwKGe2mN_srTgcOqhYXw

b. Controllership of the platform operators

We have only limited influence on the data processing by the platform operators (e.g. management of members and the information shared). In many points, we cannot influence the data processing by the platform operator and also do not know exactly what data the operator processes.

The platform operator operates the entire IT infrastructure of the service, maintains its own data protection regulations and maintains its own user relationship with you (if you are a registered user of the social network). In addition, the operator is solely responsible for all questions regarding the data of your user profile, to which we as a company have no access.

For more information on data processing by the platform provider and further objection options, please refer to the provider's privacy policy:

● Facebook: https://www.facebook.com/help/568137493302217

● Instagram: https://help.instagram.com/519522125107875

● LinkedIn: https://de.linkedin.com/legal/privacy-policy?

● Twitter: https://twitter.com/de/privacy

● Mastadon (ohai.social): https://ohai.social/privacy-policy

● YouTube: https://policies.google.com/privacy?gl=CH&hl=de

In the context of platform use, your personal data is usually also processed by the respective platform operator on servers in third countries, in particular in the USA and the United Kingdom.

c. Our controllership

I Our presence on social networks

Purpose of data processing by us/legal basis:

The purpose of data processing by us on our pages is to inform customers and interested third parties about offers, products, services, promotions, competitions, factual topics, company news and to interact with visitors to the pages on these topics, as well as to respond to corresponding queries, praise or criticism.

We reserve the right to delete content if this should be necessary. This is the case, for example, with posts that violate the law or are illegal, hate comments, lewd comments (explicitly sexual content) or attachments (e.g. pictures or videos) that may violate copyright, personal rights, criminal laws or our ethical principles.

We may share your content on our Account if this is a function of the platform and communicate with you via the platform. The legal basis is Article 6 para. 1 lit. f GDPR. The data processing is carried out in the interest of our public relations and communication.

The operator has no influence on the processing of your data by us in the context of customer communication or competitions.

As already explained, we take care to ensure that our pages are as privacy-compliant as possible in those places where the platform provider gives us the opportunity to do so.

The data you enter on our pages, such as comments, videos, pictures, likes, public messages, etc. are published by the platform for this purpose.

Recipients/ categories of recipients:

Where applicable, we share your content on our account if this is a function of the Platform and communicate via the social networks. If you submit a request to us on the Platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You always have the possibility to send us confidential requests to our address mentioned in the imprint or via the contact form on our website.

All public posts by you on this account will remain in the timeline indefinitely, unless we delete them due to an update of the underlying topic, a violation of the law or our guidelines, or you delete the post yourself.

Storage period/ criteria for determining the storage period:

We have no influence on the deletion of your data by the operator itself. Therefore, the data protection regulations of the respective operator apply in addition.

II Social Listening and Social Media Monitoring

Purposes of data processing/legal basis:

In addition to the information you provide to us directly via the platform, we also use so-called social listening and social media monitoring to get a picture of the perception of our products and services, to be able to evaluate our marketing activities and to identify any potential for improvement. In this process, posts on platforms are evaluated according to a search request (e.g. for a new product line) or certain key figures (e.g. views, number of clicks). Only those posts that you have made freely available to an unrestricted public will be viewed.

The scope of the data collected is primarily determined by the type and content of the respective contribution; for example, a posting in text form or an uploaded image file may be affected. In individual cases, the user ID used may also be relevant if FAIRTIQ would like to offer help with any problems. In some cases, we also receive information from the respective platform operators about the reach of the posts in question.

The legal basis for the processing of personal data in the context of social listening is Art. 6 para. 1 lit. f GDPR, because we have a legitimate interest in being able to identify any shortcomings of our products and services in freely viewable comments and to respond appropriately to them.

Recipients/categories of recipients:

If we use external processors in the context of social listening or social media monitoring, they are contractually obliged to do so in accordance with Article 28 of the GDPR. Within the scope of our cooperation with Socialbakers a.s., the above-mentioned data is generally also processed on servers in the USA for the purposes of social media monitoring.

Storage period/ criteria for determining the storage period:

The relevant data is not stored permanently by FAIRTIQ, but only analysed specifically with regard to potentially necessary countermeasures. If necessary, we may continue to store your data for annual comparative evaluations for up to 2 years if you have not already deleted your data from the platform yourself.

d. Joint controllership, Art. 26 para. 1 GDPR

We have a relationship with the following platform operators pursuant to Art. 26 para. 1 GDPR (joint ownership) in case we process personal data:

●Facebook: https://en-gb.facebook.com/legal/terms/page_controller_addendum

●LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

●Instagram (Facebook-Produkt): https://www.facebook.com/legal/terms/page_controller_addendum

For the web tracking methods used by the platform operator, the platform operators and FAIRTIQ act as joint controllers. The web tracking can also take place regardless of whether you are logged in or registered with the platform. As already mentioned, we can unfortunately hardly influence the web tracking methods of the platform. For example, we cannot switch this off.

The legal basis for the web tracking methods is your consent according to Art. 6 para. 1 lit. f GDPR.

Further information on the recipients or categories of recipients as well as the storage period or the criteria for determining the storage period can be found in the data protection notices of the platform operators. We have no influence on these.

The options for exercising your rights to prevent these web tracking methods or to withdraw your consent can be found in the data protection notices of the platform operators listed in section b. You can also contact the platform operators via the contact details provided in the respective imprint.

With regard to statistics provided to us by the platform provider, we can only influence and prevent these to a limited extent. However, we make sure that no additional optional statistics are made available to us.

Please also note that the platform provider uses your profile and behavioural data in accordance with its terms of use and privacy policy to evaluate your habits, personal relationships and preferences. FAIRTIQ has no influence on the processing or disclosure of your data by the operator of the platform.

Last update and adaptation to the new Swiss Federal Act on Data Protection in August 2023.