top of page

Data protection

Rüschlikon, 12 September 2021, v1.0
The gender form chosen in this Privacy Policy explicitly and always refers to all genders.

I. General Part

  1. Principle
    The privacy of our users (hereinafter also “members”, “you”, etc.) is very important to SYMCO AG (hereinafter also “we”, etc.). We process personal data in accordance with the requirements of the Swiss Federal Act on Data Protection (FADP; DSG) and the provisions of the EU General Data Protection Regulation (GDPR), as well as this Privacy Policy.
    Our aim is to protect our data processing procedures, in line with the current state of the art, against unauthorised access, loss, misuse and alteration, and to enable our users to exercise their rights transparently.
    Below we inform you which personal data we process, in particular in connection with our website www.keey.ch and our other offerings and services. We also inform you about the rights of individuals whose data we process and how you can contact us.
    For individual or additional services, further privacy notices and other legal documents such as General Terms and Conditions (GTC) or Terms of Use may apply.
     

  2. Name and contact details
    The controller responsible for processing personal data under this Privacy Policy is:
    SYMCO AG
    Bahnhofstrasse 29B
    CH-8803 Rüschlikon
    Switzerland
    hello@keey.ch
    We will inform you if, in individual cases, there are other controllers responsible for processing personal data.
     

  3. Legal basis
    We process your personal data only if we have a specific reason to do so. As a rule, we base the processing of your personal data on the following grounds:

  • Your consent;

  • Our legitimate overriding interest in the relevant processing;

  • Compliance with legal obligations;

  • The performance of (pre-)contractual measures, where applicable.

We may disclose your personal data to service providers whose services we use (e.g. operators of applications, web server operators, hosting providers, payment service providers, etc.). By carefully selecting such service providers and by means of appropriate contractual arrangements, we ensure that data protection is maintained throughout the processing of your personal data by these providers as well.
The aforementioned service providers may also be located in countries that do not protect your personal data to the same extent as Switzerland or the EU/EEA member states (so-called third countries). If we process your personal data outside Switzerland, in particular in third countries, we will take the necessary measures to ensure adequate protection of your personal data in this respect (e.g. through appropriate contracts). If you wish to receive information about the transfer agreements concerning you, you can contact us at the email address listed in section 2.

In addition, we will only share your personal data with third parties if you have given us your consent and/or if this appears necessary to comply with legal provisions or to protect or defend our rights.

  1. Type, scope and duration of the storage of personal data
    We process, in particular, information that a person voluntarily and on their own transmits to us when contacting us, e.g. by postal mail, email, contact form, social media, telephone, as well as upon registering for a user account. We may store such information, for example, in an address book or comparable tools. If personal data is transmitted to us via third parties, the person responsible for such transmission is obliged to ensure data protection vis-à-vis those third parties and to ensure the accuracy of such personal data.
    We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of providing our offerings and services, insofar as and to the extent such processing is legally permissible.

We store personal data in a form that allows identification for as long as necessary for the purposes set out in this Privacy Policy. We also store personal data for as long as required to comply with legal requirements, where longer storage has been expressly consented to, and/or where we have a legitimate interest in storage, e.g. for documentation and evidence purposes and for the protection and defence of legal claims. Personal data that is no longer required for processing will be anonymised or deleted.

  1. Your rights
    Under applicable data protection law, you have the following rights:

  • Right of access – the right to obtain information about the personal data we process about you;

  • Right to rectification – the right to have inaccurate personal data stored by us corrected and to request restriction of processing;

  • Right to erasure – the right to request deletion of your personal data stored by us; legal or other retention obligations remain reserved;

  • Right to object – the right to object at any time to processing by us; this is subject to compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or where the processing serves the establishment, exercise or defence of legal claims;

  • Right to withdraw consent – the right to withdraw consent you have previously given. This means we may no longer continue, for the future, any processing based on that consent (processing already carried out remains unaffected);

  • Right to lodge a complaint – the right to contact the competent data protection authorities if you believe your personal data is being processed by us unlawfully or against your will;

  • Right to data portability – the right to receive your personal data, which is processed on the basis of your consent or a contract, in a structured, commonly used and machine-readable format.

To exercise your rights, you can contact us at the email address listed in section 2 or use other options we provide for this purpose.

  1. Data security
    To protect personal data, we take appropriate technical and organisational security measures to safeguard it against accidental or intentional manipulation, loss, destruction or unauthorised access by third parties (e.g. access restrictions, encryption technologies, etc.). We train and raise awareness among our team and observe the current state of the art. Despite such measures, processing personal data on the internet can unfortunately always involve security vulnerabilities. We therefore cannot guarantee absolute data security.
    The infrastructure of our website and our KEEY platform is operated on servers in Europe and/or Switzerland that are ISO 27001 certified and have implemented high security standards.
    Access to our websites is secured by transport encryption (SSL / TLS, in particular via HTTPS).
    In addition, access to our websites and our other online offerings and services is subject to mass surveillance and other monitoring by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We have no influence over the corresponding processing of personal data by intelligence services, police forces and other security authorities.
     

  2. Do we carry out automated individual decisions?
    “Automated individual decision-making” refers to decisions made automatically, i.e. without relevant human involvement, which have negative legal effects on you or similar significantly negative effects. As a rule, we do not carry out automated individual decisions. We will inform you separately should we use automated individual decisions in individual cases.
     

  3. Changes to this Privacy Policy
    Further development of the website, our other offerings and services, or changes to legal or regulatory requirements may make it necessary to amend and adapt this Privacy Policy.

We may adjust and supplement this Privacy Policy at any time. We will inform you of adjustments and supplements in an appropriate manner, in particular by publishing the current Privacy Policy on our website: https://www.keey.ch/datenschutz

II. Data protection on our websites

  1. Processed personal data and purposes of processing

9.1 General
When you access our websites, information is automatically sent by your device’s browser to our web server. This information is temporarily stored in a so-called log file (also called server log files). Without any action on your part, we record the following information:

  • IP address of the requesting device;

  • Date and time of the server request;

  • Name and URL of the retrieved file;

  • Website from which access is made (so-called referrer URL);

  • Browser type and version (incl. language settings);

  • Operating system used;

  • Name of your access provider;

  • Amount of data transferred.

We process the above data for the following purposes:

  • Ensuring a smooth connection setup of the website,

  • Ensuring the best possible use of the website,

  • Evaluating system security and stability, and for other administrative purposes necessary for the optimal provision and improvement of the website.

9.2 Newsletter and other electronic information
If you register on our website with an email address, you consent to receiving our newsletters and other electronic information about our services via that email address. You can unsubscribe at any time. You can also send your unsubscribe request by email to the address specified in section 2. After that, your data will no longer be processed for this purpose.
We send notifications and communications via third-party services or with the help of service providers. Cookies may also be used in this context. We ensure an appropriate level of data protection when using such services.

In particular, we use the following third-party provider:
CleverReach: email marketing platform; provider: CleverReach GmbH & Co. KG (Germany); data protection information: general privacy policy.
 

9.3 Additional purposes
We reserve the right to process personal data for further purposes (e.g. market and opinion research, media monitoring, additional advertising purposes). We will inform you about this at the relevant point and, if necessary, obtain your consent.
 

9.4 Contact
You can contact us by email at the address listed in section 2. You must provide a valid email address, first and last name, postal code, city and telephone number so that we know who the enquiry is from and can respond to it. Additional information may be provided voluntarily.
 

9.5 Cookies
We use cookies on the website, both our own and those of third parties (first- and third-party cookies). These are small files that your device’s browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our website.
A cookie stores information related to the specific device used. However, this does not mean that we obtain immediate knowledge of your identity.

Cookies help us to:

  • Make the use of our offering more pleasant. For example, we use so-called session cookies to track your visit to the website. These are automatically deleted after you leave the website.

  • Statistically record and evaluate use of the website (by means of so-called persistent cookies). These can, for example, measure the reach of our websites or be used for online marketing;

  • Optimise our offerings for you; and

  • Present offers that best match your personal interests.

Most browsers accept cookies automatically. You can prevent the installation of cookies by setting your browser software accordingly; however, this may mean that not all functions of the website can be used in full.

  1. Targeting and tracking tools
    We use such tools to ensure needs-based design and continuous optimisation of our website. We also use tracking measures to statistically record and evaluate use of our website and to optimise our offerings for our users.
    By using these tools, we aim to ensure needs-based design and continuous optimisation of the website. We also use tracking measures to statistically record and evaluate use of the website and to optimise our offerings for our users.

10.1 Success measurement and reach measurement
Notifications and communications may contain web links or tracking pixels to record whether an individual message is opened and which web links are clicked. Such web links and tracking pixels can also record the use of notifications and communications on a personal basis. We require this statistical usage recording for success and reach measurement, so that we can offer notifications and communications effectively and user-friendly, and on an ongoing, secure and reliable basis, according to the needs and reading habits of recipients.
When using services and programs for success and reach measurement, the IP addresses of individual users must be stored. As a rule, IP addresses are shortened (“IP masking”) to follow the principle of data minimisation and to improve the data protection of visitors to our website.
When using services and programs for success and reach measurement, cookies may be used and user profiles may be created. User profiles include, for example, the pages visited or content viewed on our website, information about the size of the screen or browser window and the – at least approximate – location. As a rule, user profiles are created only in a pseudonymised form. We do not use user profiles to identify individual visitors to our website. Individual services for which you are logged in as a user may possibly assign the use of our online offering to your profile with the respective service; you will usually have had to give your consent to this assignment in advance.
 

10.2 Google
We use various services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We are not responsible for data processing by Google itself and generally have no influence over how Google processes your personal data.
Your IP address is anonymised before being transmitted to Google in the USA, so that it cannot be associated with you personally (IP masking). In no case is your IP address merged by us with other Google data. Google is certified under the US-CH and US-EU Privacy Shield frameworks, ensuring a level of data protection appropriate to Swiss and European data protection requirements.
Further information on Google’s data processing can be found here: policies.google.com; policies.google.com/privacy.
 

10.2.1 Google Analytics
We use Google Analytics for needs-based design and continuous optimisation of our website.

We use the information obtained to:

  • Evaluate use of the website,

  • Compile reports on website activity,

  • Provide other services related to website and internet usage, and

  • Conduct market research.

In this context, pseudonymised user profiles are created and cookies (see section 9.5) are used.

The information generated by the cookies about your use of our website, such as:

  • Browser type/version,

  • Operating system used,

  • Referrer URL (the previously visited page),

  • Hostname of the accessing device (IP address),

  • Time of the server request,

may be transmitted to a Google server in the USA and stored there. This information may also be transferred to third parties if required by law or if third parties process these data on our behalf.

You can prevent the collection and processing by Google of the data generated by the cookie relating to your use of the website (incl. your IP address) by downloading and installing a browser add-on. Further information can be found at: tools.google.com/dlpage/gaoptout?hl=de.

See also: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the EEA and Switzerland; data protection information: cross-device measurement and pseudonymised IP addresses, “Privacy & Terms”, Privacy Policy, “Privacy Guide for Google products” (including Google Analytics), “How we use data from sites or apps that use our services” (Google information), “How Google uses cookies”, “Browser add-on to disable Google Analytics”, “Personalised advertising” (activate/deactivate/settings).
 

10.2.2 jQuery JavaScript libraries
jQuery is a free JavaScript library providing functions for DOM navigation and manipulation. Using jQuery libraries allows us to provide a better presentation of our online offerings. When the website is accessed, your device’s browser loads the external JavaScript file from the server ajax.googleapis.com. The jQuery core library consists of a JavaScript file containing all basic DOM, event, effect and Ajax functions. This enables the website operator to provide certain functions for better user friendliness.
For this, the browser used must connect to Google’s servers. This informs Google that our website has been accessed via your IP address. Further information: developers.google.com/speed/libraries/.
Free JavaScript library; providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the EEA and Switzerland; data protection information: “What does using the Google Hosted Libraries mean for the privacy of my users?”, “Privacy & Terms”, Privacy Policy, “How Google uses cookies”.
 

10.2.3 Google reCAPTCHA
We also use the reCAPTCHA function provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) on our website. This function primarily serves to distinguish whether an entry is made by a natural person or is abusive due to automated processing. The service includes the transmission of the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google. In the course of using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC in the USA.
Further information on Google reCAPTCHA and Google’s Privacy Policy can be found at: https://www.google.com/intl/en/policies/privacy/.
Spam protection (distinguishing between legitimate comments from people and unwanted comments from bots as well as spam); providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the EEA and Switzerland; data protection information: “What is reCAPTCHA?”, “Privacy & Terms”, Privacy Policy, “How Google uses cookies”.
 

10.3 Social media plug-ins
Plug-ins and other tools (e.g. Facebook Pixel) are used on the website to recommend our content on social networks (e.g. YouTube, LinkedIn, Facebook, Vimeo) and to enable sharing by our users.
When social media plug-ins are used, personal data of users is transmitted to the providers of the social networks. Data are transmitted to the mentioned providers only if you are logged into your profile on the relevant platform. We have no influence over processing by the respective operators of the social networks. The General Terms and Conditions and Terms of Use as well as the privacy policies and other provisions of the individual platform providers apply. These provisions provide information in particular about the rights of data subjects, especially the right of access.
 

10.4 Facebook
Remarketing tags of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA (“Facebook”), may be integrated on our website. We are not responsible for data processing by Facebook itself and generally have no influence over how Facebook processes your personal data. Facebook is certified under the US-CH and US-EU Privacy Shield frameworks, ensuring an adequate level of data protection in line with Swiss and European requirements. Further information: https://www.facebook.com/privacy/explanation.
When you visit our website, a direct connection is established between your device’s browser and the Facebook server via the remarketing tags. Facebook thereby receives the information that you visited our website and can assign your visit to your user account. We can use the information obtained to display Facebook Ads.
 

10.5 Instagram
We use the option to embed functions and content from Instagram on our website. This allows us, for example, to display images published on Instagram within our website. Cookies are also used in this context.
Instagram is an offering of Facebook Ireland Limited in Ireland or the U.S. Facebook Inc. If you are logged in to Instagram or other Facebook services as a user, Facebook can assign use of our online offering to your profile. Further details on the type, scope and purpose of data processing can be found in Instagram’s Privacy Policy.
 

10.6 LinkedIn
We use the option to embed functions and content from LinkedIn on our website with the help of plug-ins. For example, this enables you to use LinkedIn’s “Share” function on our website. Cookies are also used in this context. Further information can be found on LinkedIn’s page about plug-ins.
The plug-ins are offered by LinkedIn Ireland Unlimited Company in Ireland or the U.S. LinkedIn Corporation. If you are logged in to LinkedIn as a user, LinkedIn can assign use of our online offering to your profile. Further details on the type, scope and purpose of data processing can be found in LinkedIn’s Privacy Policy, Cookie Policy and Privacy Portal, respectively. You also have the option to object to personalised advertising.

  1. Embedded social media links
    Our website provides links to our company profiles on LinkedIn and Facebook. When you click a link, you leave our website and are redirected to the servers of the social media providers.
    LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA) Privacy Policy: Privacy Policy LinkedIn
    Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) Privacy Policy: Privacy Policy Facebook
     

  2. Advertising
    We use the option of displaying targeted advertising for our offering to third parties, such as on social media platforms and search engines.
    With such advertising, we aim in particular to reach people who are interested in our offering or already use it (remarketing and targeting). For this purpose, we may transmit relevant – possibly also personal – information to third parties that enable such advertising. We can also determine whether our advertising is successful, i.e. in particular whether it leads to visits to our website (conversion tracking).
    Third parties with whom we advertise and with whom you are registered as a user may be able to assign use of our offering to your profile there.

We use in particular:

  • Facebook Ads: social media advertising; providers: Facebook Inc. (USA) / Facebook Ireland Ltd. (Ireland); data protection information: remarketing and targeting in particular with Facebook Pixel as well as Custom Audiences including Lookalike Audiences, Privacy Policy, “Ad preferences” (login required).

  • Google Ads (formerly AdWords): search engine advertising; providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the EEA and Switzerland; data protection information: advertising based, among other things, on search queries, using various domains – in particular doubleclick.net, googleadservices.comand googlesyndication.com – for Google Ads, “Privacy & Terms”, Privacy Policy, “Privacy Guide for Google products” (including Google Ads), “How we use data from sites or apps that use our services” (Google information), “How Google uses cookies”, “Personalised advertising” (activate/deactivate/settings).

  • Instagram Ads: social media advertising; providers: Facebook Inc. (USA) / Facebook Ireland Ltd. (Ireland); data protection information: remarketing and targeting in particular with Facebook Pixel as well as Custom Audiences including Lookalike Audiences, Privacy Policy (Instagram), Privacy Policy (Facebook), “Ad preferences” (Instagram) (login required), “Ad preferences” (Facebook) (login required).

  • LinkedIn Ads: social media advertising; providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); data protection information: remarketing and targeting in particular with the LinkedIn Insight Tag, “Privacy”, Privacy Policy, Cookie Policy, objection to personalised advertising.

III. Data protection on our Keey platform

  1. External payment service provider Datatrans
    We use the payment service provider Datatrans, through whose platforms you and we can initiate payments (Datatrans AG, Kreuzbühlstr. 26, CH-8008 Zurich, https://www.datatrans.ch/de/).
    If payment is processed via Datatrans, the data entered will be transmitted to Datatrans. The transmission of data is carried out on the basis of applicable laws. Data is shared solely for the purpose of payment processing and only to the extent necessary.

bottom of page