1. What is this privacy policy about?
2. Who is responsible for processing your data?
3. What data do we process?
4. For what purposes do we process your data?
5. On what basis do we process your data?
6. What applies to profiling?
7. To whom do we disclose your data?
8. Is your personal data also transferred abroad?
9. How long do we process your data?
10. How do we protect your data?
11. What rights do you have?
12. Do we use online tracking and online advertising technologies?
13. What data do we process on our pages in social networks?
14. Can this privacy policy be changed?

1. What is this privacy policy about?

Visionary AG (hereinafter also “we”, “us”) procures and processes personal data concerning you or other persons (so-called “third parties”). We use the term “data” here synonymously with “personal data” or “personally identifiable data.”

In this privacy policy, we describe what we do with your data when you use www.docbox.swiss, other websites of ours, or our apps and our Software as a Service (“docbox”) (hereinafter collectively “Website”), when you purchase our services or products, are otherwise connected with us in the context of a contract or otherwise in business, communicate with us, or otherwise deal with us. If necessary, we will inform you through a timely written notification about additional processing activities not mentioned in this privacy policy. Additionally, we may inform you separately about the processing of your data, e.g., in consent forms, contractual provisions, general terms and conditions, additional privacy policies, forms, and notices.

If you transmit or disclose data about other persons to us, such as family members, employees, your customers (patients), etc., we assume and it is your responsibility that you have been authorized and are entitled to do so and that this data is correct. By submitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy. This applies in particular to health data of customers (patients) which you transmit to other participants of our Software as a Service (e.g., docbox).

This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”) and the (revised) Swiss Data Protection Act (“DPA”). Whether and to what extent these laws are applicable, however, depends on the individual case.

2. Who is responsible for processing your data?

For the data processing of Visionary AG described in this privacy policy, Visionary AG, Zurich (the “Visionary”), is responsible for data protection purposes, unless otherwise communicated in individual cases, e.g., in further privacy policies, on forms, or in contracts.

You can reach us for your data protection concerns and the exercise of your rights according to Section 11 as follows: Visionary AG Röntgenstrasse 44 8005 Zurich Switzerland [email protected]

3. What data do we process?

We process various categories of data about you. The main categories are as follows:

• Technical Data: When you use our website or other electronic offers, we collect the IP address of your device and other technical data to ensure the functionality and security of these offers. This data also includes logs in which the use of our systems is recorded. We generally store technical data for 6 months. To ensure the functionality of these offers, we may also assign an individual code to you or your device (e.g., in the form of a cookie, see Section 12). The technical data in itself generally does not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls, or the execution of contracts, it can be linked with other data categories (and thus possibly with your person). Technical data includes, among other things, the IP address and information about the operating system of your device, the date, region, and time of use, as well as the type of browser you use to access our electronic offers. This can help us to deliver the correct formatting of the website or, for example, to show you a website adapted for your region. Although we know from the IP address which provider you are using to access our offers (and thus also the region), we can generally not deduce who you are from this. This changes if you create a user account, for example, because personal data can then be linked to technical data (e.g., we can see which browser you use to access an account via our website). Examples of technical data also include logs that are generated in our systems (e.g., the log of user logins on our website).

• Registration Data: Certain offers and services (e.g., login areas of our website, newsletter dispatch, free Wi-Fi access, etc.) can only be used with a user account or a registration, which can be done directly with us, through a contractual partner of ours who registers you as a user (e.g., your emergency service organization, your employer, etc.), or through our external login service providers. In doing so, you must provide us with certain data, and we collect data about the use of the offer or service (such as name, username, password, address, contact details like email and phone number, etc.).

• Communication Data: When you are in contact with us via the contact form, by email, telephone or chat, by letter, or through other means of communication, we collect the data exchanged between you and us, including your contact details, any data about third parties, and the metadata of the communication. If we record or listen to telephone conversations or video conferences, e.g., for training and quality assurance purposes, we will specifically inform you of this. Such recordings may only be made and used in accordance with our internal guidelines. You will be informed whether and when such recordings take place, e.g., by a notification during the relevant video conference. If you do not wish to be recorded, please inform us or end your participation. If you only do not want your image to be recorded, please turn off your camera. If we want or need to establish your identity, e.g., in the case of an access request made by you, a request for media access, etc., we collect data to identify you (e.g., a copy of an ID). We generally keep this data for 12 months from the last exchange with you. This period may be longer if required for evidentiary purposes or to comply with legal or contractual requirements, or if it is technically necessary. Emails in personal mailboxes and written correspondence are generally kept for at least 10 years. Recordings of (video) conferences are generally kept for 24 months. Chats are generally kept for 2 years.

   

• Master Data: We refer to master data as the basic data that we need in addition to contract data (see below) for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details, and information e.g., about your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations, and declarations of consent. We process your master data if you are a user of the Software as a Service functions (e.g., docbox), are a contractual partner or other business contact, or work for one (e.g., as a contact person of the business partner), or because we want to address you for our own purposes or the purposes of a contractual partner (e.g., in the context of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We receive master data from you yourself (e.g., when entering into a contractual or business relationship or as part of a registration), from bodies for which you work, from our contractual partners who have registered you as a user on our Software as a Service (e.g., docbox), or from third parties such as associations and address dealers, and from publicly accessible sources such as public registers or the internet (websites, social media, etc.). Within the scope of master data, we may also process health data of your customers (patients) made available to us and other information about third parties. We may also collect master data from our shareholders and investors. We generally keep this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if required for evidentiary purposes or to comply with legal or contractual requirements, or if it is technically necessary. For pure marketing and advertising contacts, the period is usually much shorter, mostly not more than 2 years since the last contact.

• Contract Data: This is data that arises in connection with the conclusion of a contract or the processing and administration of a contract, e.g., information about contracts and the services to be provided or provided and other obligations, as well as data from the preliminary stages of a contract conclusion, the information required or used for processing, and information about reactions (e.g., complaints or information on satisfaction, etc.). We generally collect this data from you, from contractual partners, and from third parties involved in the processing of the contract, including registered users, but also from third-party sources (e.g., providers of credit data) and from publicly accessible sources. We generally keep this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer if required for evidentiary purposes or to comply with legal or contractual requirements, or if it is technically necessary.

• Behavioral and Preference Data: Depending on our relationship with you, we try to get to know you and better align our products, services, and offers with you. For this purpose, we collect and use data about your behavior and your preferences. We do this by evaluating information about your behavior in our domain, and we can also supplement this information with information from third parties – including from publicly accessible sources. Based on this, we can, for example, calculate the probability that you will use certain services or behave in a certain way. Some of the data processed for this is already known to us (e.g., when you use our services), or we obtain this data by recording your behavior (e.g., how you navigate our website, react to electronic communications, interact with social media profiles, or by determining your movement profile through the use of your mobile phone, for example). We anonymize or delete this data when it is no longer meaningful for the purposes pursued, which, depending on the type of data, can be between 2-3 weeks (for movement profiles) and 24 months (for product and service preferences). This period may be longer if required for evidentiary purposes or to comply with legal or contractual requirements, or if it is technically necessary. We describe how tracking works on our website in Section 12.

• Other Data: We also collect data from you in other situations. In connection with official or judicial proceedings, for example, data arises (such as files, evidence, etc.) that may also relate to you. For health protection reasons, we may also collect data (e.g., in the context of protection concepts). We may receive or create photos, videos, and sound recordings in which you may be recognizable (e.g., at events, through security cameras, etc.). We may also collect data about who enters certain buildings at what time or has corresponding access rights (incl. in access controls, based on registration data or visitor lists, etc.), who participates in events or promotions (e.g., competitions) at what time, or who uses our infrastructure and systems at what time. Finally, we collect and process data about our shareholders and other investors; in addition to master data, this includes, among other things, information for the corresponding registers, regarding the exercise of their rights and the holding of events (e.g., general meetings). The retention period of this data depends on the purpose and is limited to what is necessary. This ranges from a few days for many of the security cameras and usually a few weeks for data for contact tracing, to visitor data, which is usually kept for 3 months, to reports about events with pictures, which can be kept for several years or longer. Data about you as a shareholder or other investor is kept in accordance with corporate law requirements, but in any case as long as you are invested.

Much of the data mentioned in this Section 3 is provided to us by you yourself (e.g., via forms, in the context of communication with us, in connection with contracts and contract negotiations, when using the website and our Software as a Service functions, etc.). You are not obliged to do so, subject to legal obligations, e.g., in the context of binding protection concepts. If you want to conclude contracts with us or claim services, you must also provide us with data within the scope of your contractual obligation according to the relevant contract, in particular master, contract, and registration data. This is also the case, in particular, if you are an employee of a contractual partner of ours (e.g., as a medical representative of a pharmaceutical company) or are part of an emergency service circle and your data is recorded by our contractual partner (the emergency service organization) in docbox Software as a Service. When using our website, the processing of technical data is unavoidable. If you wish to gain access to certain systems or buildings, you must provide us with registration data. However, for behavioral and preference data, you generally have the option to object or not to give consent.

To the extent that this is not prohibited, we also take data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, media or the internet including social media) or receive data from authorities and other third parties (such as credit agencies, address dealers, associations, contractual partners, internet analysis services, etc.).

4. For what purposes do we process your data?

We process your data for the purposes we explain below. Further information for the online area can be found in Sections 12 and 13. These purposes or the objectives underlying them represent legitimate interests of us and, where applicable, of third parties. You will find further information on the legal bases of our processing in Section 5.

• We process your data for purposes related to communication with you, in particular for answering inquiries and asserting your rights (Section 11) and to contact you in case of queries. For this, we use in particular communication data and master data, and in connection with offers and services used by you, also registration data. We store this data to document our communication with you, for training purposes, for quality assurance, and for follow-up inquiries.

• We process your data in the context of contract negotiations as well as for the purpose of concluding, fulfilling, and administering contracts when using our Software as a Service (e.g., docbox) and for other services. This can happen in particular for the various functions on docbox, e.g., in the context of organizing the emergency service, medical data traffic, and communication between doctors and other medical professionals and pharmaceutical companies.

• We conclude contracts of various kinds with our business and private customers, with suppliers, subcontractors, or other contractual partners such as partners in projects or with parties in legal disputes. In doing so, we process in particular master data, contract data, and communication data, and depending on the circumstances, also registration data of the customer or the persons to whom the customer provides a service. This includes, for example, the recipients of our products or services who receive vouchers and invitations from our customers for this and who, upon redemption, can in turn become our customers. We process data in this case for the execution of the contract with these recipients, but also with the contractual partners who invited them.

• In the context of business initiation, personal data – in particular master data, contract data, and communication data – is collected from potential customers or other contractual partners (e.g., in an order form or contract) or arises from communication. Also in connection with the conclusion of the contract, we process data to check creditworthiness and to open the customer relationship. In some cases, this information is checked for compliance with legal requirements.

• In the context of the processing of contractual relationships, we process data for the management of the customer relationship, for the provision and collection of contractual services (which also includes the involvement of third parties, such as logistics companies, security services, advertising service providers, banks, insurance companies, or credit agencies, which can then in turn provide us with data), for consulting, and for customer care. The enforcement of legal claims from contracts (debt collection, legal proceedings, etc.) is also part of the processing, as is accounting, termination of contracts, and public communication.

   

• We process data for marketing purposes and for relationship management, e.g., to send our customers and other contractual partners personalized advertising for products and services from us and from third parties (e.g., from advertising contractual partners). This can be done, for example, in the form of newsletters and other regular contacts (electronically, by post, by telephone), through other channels for which we have contact information from you, but also in the context of individual marketing campaigns (e.g., events, competitions, etc.) and can also include free services (e.g., invitations, vouchers, etc.). You can refuse such contacts at any time (see the end of this Section 4) or refuse or revoke consent to be contacted for advertising purposes. With your consent, we can target our online advertising on the internet more specifically to you (see Section 12). Finally, we also want to enable our contractual partners to address our customers and other contractual partners for advertising purposes (see Section 7).

• We further process your data for market research, for the improvement of our services and our operations, and for product development.

• We may also process your data for security purposes (auditing, monitoring, and further development of networks, IT, and apps) and for access control (in particular also access to electronic systems).

• We process personal data for compliance with laws, directives, and recommendations from authorities and internal regulations (“Compliance”), such as the fulfillment of legal information, notification, and reporting obligations, of retention obligations, as well as for the prevention and investigation of criminal proceedings and other misconduct (including the conduct of internal investigations and data analyses).

• We also process data for the purposes of our risk management and as part of prudent corporate governance, including business organization and corporate development as well as cooperation with third parties and corporate transactions (such as the purchase and sale of business units).

• We may process your data for other purposes, e.g., in the context of our internal processes and administration or for training and quality assurance purposes, as well as for the assertion of legal claims and defense in connection with legal disputes and official proceedings.

5. On what basis do we process your data?

Insofar as we ask for your consent for certain processing (e.g., for the processing of particularly sensitive personal data, for marketing mailings, for the creation of personalized movement profiles, and for advertising control and behavioral analysis on the website), we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time with future effect by written notification (by post) or, unless otherwise stated or agreed, by email to us; you will find our contact details in Section 2. For the revocation of your consent for online tracking, see Section 12. Where you have a user account, a revocation or contact with us may also be carried out via the respective website or other service. As soon as we have received the notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution and administration of a contract with you (including the employees and/or customers represented by you) or that we or third parties have a legitimate interest in doing so, in particular to pursue the purposes described above under Section 4 and the related objectives and to be able to carry out corresponding measures. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognized as a legal basis by the respectively applicable data protection law. This also includes the marketing of our products and services, the interest in better understanding our markets, and in managing and further developing our company, including its operations, securely and efficiently.

If we receive sensitive data (e.g., health data, information on political, religious, or philosophical views, etc.), we may also process your data on the basis of other legal grounds, e.g., in the case of disputes due to the necessity of the processing for a possible lawsuit or the enforcement or defense of legal claims. In individual cases, other legal grounds may apply, which we will communicate to you separately as required.

6. What applies to profiling?

We can automatically evaluate certain of your personal characteristics for the purposes mentioned in Section 4 using your data (Section 3) (“profiling“) when we want to determine preference data, but also to identify risks of misuse and security risks, to carry out statistical evaluations, or for operational planning purposes. For the same purposes, we can also create profiles, i.e., we can combine behavioral and preference data, but also master and contract data and technical data assigned to you, to better understand you as a person with your different interests and other characteristics. However, we can also create anonymous and – with your consent – also personalized movement profiles of you.

In both cases, we pay attention to the proportionality and reliability of the results and take measures against the misuse of these profiles or of profiling. If these can have legal effects or significant disadvantages for you, we generally provide for a manual review.

7. To whom do we disclose your data?

In connection with our contracts, the website, our services and products, our legal obligations, or otherwise to protect our legitimate interests and the other purposes listed in Section 4, we also transmit your personal data to third parties, in particular to the following categories of recipients:

• Service providers: We work with service providers in Germany and abroad who process data about you on our behalf or in joint responsibility with us, or receive data about you from us in their own responsibility (e.g., IT providers, shipping companies, advertising service providers, login service providers, cleaning companies, security companies, banks, insurance companies, collection agencies, credit agencies, or address verifiers). This may also include health data of your customers (patients) made available to us. For the service providers engaged for the website and our Software as a Service, see Section 12. Central service providers in the IT area for us are our partners for the operation of our Software as a Service functions (e.g., Everware AG and Microsoft).

   

• Contractual partners, including customers: This initially means our customers and other contractual partners, because this data transfer results from these contracts. If you yourself work for such a contractual partner, we can also transmit data about you to them in this context. The recipients also include contractual partners with whom we cooperate.

• Authorities: We may pass on personal data to offices, courts, and other authorities in Germany and abroad if we are legally obliged or entitled to do so or if it appears necessary to protect our interests, in particular in the context of official investigations, proceedings, supervisory requirements, as well as reporting, information, and cooperation obligations. These authorities process data about you that they receive from us in their own responsibility.

All these categories of recipients can in turn involve third parties, so that your data can also be made accessible to them. We can restrict the processing by certain third parties (e.g., IT providers), but not that of other third parties (e.g., authorities, banks, etc.).

A disclosure of data to third parties may also concern confidential data, in particular insofar as this is necessary for the provision of contractual services; unless we have explicitly agreed with you that we will not pass on this data to certain third parties. Legal and officially ordered disclosure obligations remain reserved in this case as well. Notwithstanding this, your data is subject to adequate data protection even after disclosure in Switzerland and the rest of Europe.

8. Is your personal data also transferred abroad?

As explained in Section 7, we also disclose data to other bodies. These may be located outside of Switzerland. Your data can therefore be processed both in Europe and in the USA and other countries worldwide.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection, unless they are already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may apply in particular to legal proceedings abroad, but also in cases of overriding public interests or if a contract processing requires such a disclosure, if you have consented, or if it concerns data made generally accessible by you, the processing of which you have not objected to. Please also note that data exchanged via the internet is often routed through third countries. Your data can therefore also go abroad even if the sender and recipient are in the same country.

9. How long do we process your data?

We process your data for as long as our processing purposes, the statutory retention periods, and our legitimate interests in processing for documentation and evidence purposes require it, or storage is technically necessary. Further details on the respective storage and processing duration can be found for each data category in Section 3 or for the cookie categories in Section 12. If there are no legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage or processing period has expired as part of our usual procedures.

10. How do we protect your data?

We take appropriate technical and organizational security measures to protect the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing, and to counter the dangers of loss, unintentional alteration, unwanted disclosure, or unauthorized access (such as the issuance of instructions, training, controls, logging, encryption and pseudonymization, access restrictions, etc.).

11. What rights do you have?

The applicable data protection law grants you the right under certain circumstances to object to the processing of your data, in particular that for purposes of direct marketing, profiling carried out for direct advertising, and other legitimate interests in processing.

To facilitate your control over the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

• The right to request information from us as to whether and what data we process from you;

• the right for us to correct data if it is inaccurate;

• the right to request the deletion of data;

• the right to request that we provide certain personal data in a common electronic format or transfer it to another controller;

• the right to withdraw consent, insofar as our processing is based on your consent;

• the right to receive further information on request that is necessary for the exercise of these rights;

If you wish to exercise the above rights towards us, please contact us in writing, on-site, or, unless otherwise stated or agreed, by e-mail; you will find our contact details in Section 2. So that we can rule out misuse, we must identify you (e.g., with a copy of your ID, if this is not otherwise possible).

Please note that for these rights, conditions, exceptions, or restrictions apply under the applicable data protection law (e.g., for the protection of third parties or of trade secrets), the assertion of which we reserve the right to make, for example, if we are obliged to store or process certain data, have an overriding interest in it, or need it for the assertion of claims. Please note that the exercise of the above rights may conflict with contractual agreements and this may have cost and other consequences, up to and including premature termination of the contract. We will inform you accordingly if necessary, where this is not already contractually regulated.

If you do not agree with our handling of your rights or data protection, please let us know (Section 2). In particular, if you are in the EEA, the United Kingdom, or Switzerland, you also have the right to complain to the data protection supervisory authority of your country.

12. Do we use online tracking and online advertising technologies?

On our website, we use various techniques that allow us and third parties engaged by us to recognize you during your use and, under certain circumstances, to track you across several visits. We will inform you about this in this section.

In essence, the point is that we can distinguish your access (via your system) from the access of other users, so that we can ensure the functionality of the website and carry out evaluations and personalizations. We do not want to deduce your identity, even if we can, insofar as we or third parties engaged by us can identify you by combining with registration data. Even without registration data, however, the techniques used are designed in such a way that you are recognized as an individual visitor each time you visit a page, for example by our server (or the servers of the third parties) assigning a specific identification number to you or your browser (so-called “cookie”).

We use such techniques on our website and allow certain third parties to do so as well. You can program your browser to block, deceive, or delete certain cookies or alternative techniques. You can also expand your browser with software that blocks tracking by certain third parties. You can find more information on this on the help pages of your browser (usually under the keyword “Data Protection”) or on the websites of the third parties that we list below.

The following cookies (techniques with comparable functionalities such as fingerprinting are included here) are distinguished:

• Necessary Cookies: Some cookies are necessary for the functioning of the website as such or for certain functions. They ensure, for example, that you can switch between pages without the information entered in a form being lost. They also ensure that you remain logged in. These cookies are only temporary (“session cookies”). If you block them, the website may not work. Other cookies are necessary so that the server can save decisions or entries made by you beyond a session (i.e., a visit to the website) if you use this function (e.g., selected language, given consent, the function for an automatic login, etc.). These cookies have an expiration date of up to 24 months.

• Performance Cookies: To optimize our website and corresponding offers and to better tailor them to the needs of users, we use cookies to record and analyze the use of our website, possibly also beyond the session. We do this by using analysis services from third-party providers. We have listed them below. By using our website, apps, Software as a Service (like docbox), and consenting to receive newsletters and other marketing emails, you agree to the use of such cookies until you revoke this consent. Performance cookies also have an expiration date of up to 24 months. Details can be found on the websites of the third-party providers.

• Marketing Cookies: We and our advertising contractual partners have an interest in controlling advertising in a targeted manner, i.e., to show it as far as possible only to those we want to address. For this purpose, we and our advertising contractual partners – if you consent – also use cookies with which the content accessed or contracts concluded can be recorded. This enables us and our advertising contractual partners to display advertising that we can assume you are interested in, on our website, but also on other websites that display advertising from us or our advertising contractual partners. Depending on the situation, these cookies have an expiration period of a few days to 12 months. If you consent to the use of these cookies, you will be shown corresponding advertising. If you do not consent to these cookies, you will not see less advertising, but simply any other advertising.

In addition to marketing cookies, we use other techniques to control online advertising on other websites and thereby reduce wastage. For example, we can transmit the email addresses of our users, customers, and other persons to whom we want to display advertising to operators of advertising platforms (e.g., social media). If these persons are registered there with the same email address (which the advertising platforms determine by means of a comparison), the operators will display the advertising placed by us to these persons in a targeted manner. The operators do not receive personal email addresses of persons not already known. In the case of known email addresses, however, they learn that these persons are connected with us and what content they have accessed.

We can also integrate other third-party offers on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (e.g., by clicking a button), the corresponding providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online offers. These social media providers process this data in their own responsibility.

We currently use offers from the following service providers:

• Google Analytics: Google Ireland (based in Ireland) is the provider of the “Google Analytics” service and acts as our processor. Google Ireland relies on Google LLC (based in the USA) as its processor for this purpose (both “Google”). Google uses performance cookies (see above) to track the behavior of visitors on our website (duration, frequency of pages accessed, geographical origin of access, etc.) and, on this basis, creates reports for us on the use of our website. We have configured the service so that the IP addresses of visitors from Google in Europe are shortened before being forwarded to the USA and can therefore not be traced back. We have turned off the “Data sharing” and “Signals” settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles, and link this data with the Google accounts of these persons. If you agree to the use of Google Analytics, you explicitly consent to such processing, which also includes the transfer of personal data (in particular usage data for the website and app, device information, and individual IDs) to the USA and other countries. Information on the data protection of Google Analytics can be found here [https://support.google.com/analytics/answer/6004245] and if you have a Google account, you can find further information on processing by Google here [https://policies.google.com/technologies/partner-sites?hl=en].

   
   

13. What data do we process on our pages in social networks?

We may operate pages and other online presences on social networks and other platforms operated by third parties (“fan pages,” “channels,” “profiles,” etc.) and collect the data about you described in Section 3 and below. We receive this data from you and the platforms when you get in contact with us via our online presence (e.g., when you communicate with us, comment on our content, or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data known to the platforms about you (e.g., about your behavior and your preferences). They also process this data for their own purposes in their own responsibility, in particular for marketing and market research purposes (e.g., to personalize advertising) and to control their platforms (e.g., what content they show you).

We process this data for the purposes described in Section 4, in particular for communication, for marketing purposes (including advertising on these platforms, see Section 12), and for market research. You will find information on the corresponding legal bases in Section 5. We can redistribute content published by you yourself (e.g., comments on an announcement) (e.g., in our advertising on the platform or elsewhere). We or the operators of the platforms can also delete or restrict content from or about you in accordance with the usage guidelines (e.g., inappropriate comments).

For further information on the processing by the operators of the platforms, please refer to the privacy notices of the platforms. There you will also find out in which countries they process their data, what rights of access, deletion, and other data subject rights you have, and how you can exercise them or obtain further information. We currently use the following platforms:

• Facebook: We operate the docbox page on Facebook here. The responsible body for the operation of the platform for users from Europe is Facebook Ireland Ltd., Dublin, Ireland. Their privacy policy is available at www.facebook.com/policy. Some of your data will be transferred to the USA. Objection to advertising is possible here: www.facebook.com/settings?tab=ads. With regard to the data that is collected and processed when visiting our page for the creation of “Page Insights,” we are jointly responsible with Facebook Ireland Ltd., Dublin, Ireland. As part of Page Insights, statistics are created about what visitors do on our page (comment on posts, share content, etc.). This is described at www.facebook.com/legal/terms/information_about_page_insights_data. It helps us to understand how our page is used and how we can improve it. We only receive anonymous, aggregated data. We have regulated our responsibilities regarding data protection in accordance with the information at www.facebook.com/legal/terms/page_controller_addendum.

• LinkedIn: We operate the docbox page on LinkedIn here. Please contact the operator of the page for all questions regarding data protection.

14. Can this privacy policy be changed?

This privacy policy is not part of a contract with you. We can adapt this privacy policy at any time. The version published on this website is the currently applicable version.

Last updated: 24.8.2023

The German version of this text is always legally binding. You can find it here.