Scope and purpose of the collection, processing and use of personal data
When you visit our website
When you visit our website, our servers temporarily store each access in a log file. The following data is collected and stored, without any action on your part, until it is automatically deleted after twelve months at the latest:
- the IP address of the requesting computer,
- date and time of access
- name and URL of the data retrieved,
- the website from which our domain was accessed,
- the operating system of your computer and the browser used, and
- the name of your Internet access provider.
This data is collected and processed for the purpose of allowing the use of our website (establishing a connection), ensuring system security and stability in the long term and allowing our Internet offering to be optimized, as well as for internal statistical purposes. The aforementioned information is not linked to or stored with personal data. Only in the event of an attack on the website’s network infrastructure or in case of a suspicion of unauthorized or abusive use of the website, the IP address will be evaluated for clarification and defense purposes and, if necessary, used for identification purposes in criminal proceedings and for civil and criminal proceedings against the users concerned. The purposes described above, constitute our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.
When using the contact form
If you contact us using the contact form on the website, we collect the following information from you:
- Company name
- E-mail address
- Telephone number
- Your request / your project
- Estimated transaction volume
This information is mandatory. We use this data to answer your questions or provide the services you require and, if necessary, to contact you by telephone. The telephone number is never used for marketing purposes. The processing of your contact request is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (contact details see below).
When signing up for the PCI Proxy Dashboard
You can sign up on the PCI Proxy Dashboard for a 30-day free trial account. You must provide the following information when registering:
- Company name
- First name and surname of the contact person
- E-mail address
The e-mail address and all other personal data you provide in connection with the trial account will be used solely to provide you with the PCI proxy test environment and related functionalities. At the end of the trial period, we will contact you to learn more about your experience with our service. The processing of your request to open a trial account is our legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (contact details see below), but you will then no longer receive access to the trial account.
When using the chat function
On the website we offer a chat function. Users can use the chat mask to contact us and ask questions about website functions and products. You are responsible for the messages or content you transmit to us via the chat function. We recommend that you do not submit sensitive information via the chat function. Personal data is only collected if you voluntarily provide us with your personal data in the chat. It is therefore up to you to decide what information you provide us with. In order to answer your chat questions, we may request additional information from you, such as your e-mail address, telephone number, etc. We will only collect those personal data from you that are necessary to answer your questions or to provide the services you require. In connection with the chat function we work with the service Chatlio of GATESHARE LLC DBA CHATLIO, 1329 N 47TH ST #31231, SEATTLE, WA 98103, USA. The Chatlio service is also connected to the Slack service, which is why corresponding chat data is also forwarded to Slack Technologies, 155 5th Street, 6th Floor, San Francisco, CA 94103, USA. Our legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR consists of the processing of your chat request or message. You can object to this data processing at any time (contact details see below).
Disclosure of data to third parties
We will only pass on your personal data if you have given your express consent, if there is a legal obligation to do so, or if it is necessary for the enforcement of our rights, in particular to assert claims arising out of the contractual relationship. In addition, we will pass on your data to third parties as far as it is necessary for the use of the website and the execution of the contract, namely the provision of the services you require and the analysis of your user behaviour. The use of the data forwarded for this purpose by third parties is strictly limited to the stated purposes. The website including the contact form data is hosted by Hostpoint AG, Neue Jonastrasse 60,8640 Rapperswil-Jona, Switzerland, on servers in Switzerland. Other third party providers are already mentioned above in connection with the chat function.
Transmission of personal data abroad
Among other things, cookies help us to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website. Cookies neither damage the hard disk of your computer nor do they transmit your personal data to us. Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or that a warning message will always appear when a new cookie arrives. For more information, please check the settings of your browser. However, deactivating cookies may prevent you from using all the features of our portal.
For the purposes of needs-based design and the continuous optimisation of our pages, we use the web analysis service Google Analytics. In this respect, pseudonymised user profiles are created and small text files (‘cookies’) stored on your computer and used. Information generated by the cookie about your use of this website, such as
- the browser type/version
- the operating system used
- the referrer URL (previous page visited)
- the host name of the accessing computer (IP address)
- the time of the server request
- the device
Datatrans uses the URL shortening services from Rebrandly, 31 Westland Square, Dublin 2, Ireland, to provide you with shorter and more memorable URLs (starting with dtrx.ch). The shortened URL will be automatically redirected to the original URL defined by Datatrans. Any personal data that is used for the redirection of the URL (e.g. IP Addresses, Browser Settings) will not be stored or used for other purposes mentioned in this agreement. More information on the measures taken to protect personal data at Rebrandly can be found at: https://rebrandly.com/privacy-policy
Processing of customer data
We collect information about our customers. In particular, we record the contact details of the contact persons at these customers. The customer data is either stored on paper or in digital form in the HubSpot CRM, a CRM service from HubSpot Inc., USA. HubSpot is a US company with a subsidiary in Ireland (HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland). HubSpot participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework. More information can be found in the terms of service and the privacy policies of Hubspot Inc., accordingly under http://www.hubspot.com/terms-of-service and http://www.hubspot.com/privacy-policy.
The data stored in the HubSpot CRM system is generally used to manage the customer relationship, for the customer history, for lead management for billing of operational services, for automated customer information, for alerting customers in the event of technical problems or necessary technical adjustments, and in some cases also for inviting customers to technical occasions or events. The legal basis for the processing of your data for these purposes lies in the fulfilment of a contract according to Art. 6 para. 1 lit. b GDPR.
The data will only be passed on to third parties if it is necessary for the provision of the services requested by the customer.
The customer has the right to object at any time to the delivery of marketing information via newsletter or the delivery of information on special events (see below “Contact”). In spite of such an objection, we are still entitled to send the customer non-commercial information about our services, which are necessary for the use of our services, as well as notifications.
We use MailChimp to inform our clients about our services and technical issues. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA. The data being required for emailing will be sent to a server operated by The Rocket Science Group in the United States and stored there in accordance with the EU-US Privacy Shield. Further information about the data protection offered by MailChimp can be found at: https://mailchimp.com/legal/privacy/
Our billing process is integrated with Zuora and uses the automated, recurring billing and invoicing feature. It is a PCI-compliant service, so all payment method information are stored neither by Zuora nor by Datatrans. Zuora is certified under the CH-US- and EU-US-Privacy Shield. The relevant privacy statements and contact details of Zuora can be found on the web site: https://www.zuora.com/privacy-statement/
We use Google Fonts on our website for the representation of external fonts provided by Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). For this purpose, your browser has to establish a direct connection to the Google servers in the USA. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. Further information about handling user data, can be found at https://www.google.com/policies/privacy/.
Right to information, deletion and correction
You have the right to obtain information on the personal data that we store about you on request free of charge. In addition, you have the right to correct inaccurate data and the right to delete your personal data, as long as there is no legal retention duty or act of permission that allows us to process such data. You also have the right to demand the release of the data you have given us (right to data portability). On request, we will also forward the data to a third party of your choice. You have the right to receive the data in a common file format. For the aforementioned purposes, you can contact us via the e-mail address firstname.lastname@example.org. We may, at our discretion, require proof of identity to process your request. Apart from that you have the right to complain to a data protection authority at any time.
We only store personal information for as long as it is necessary
- to use the above tracking advertising and analysis services within the scope of our legitimate interest;
- to carry out services that you requested or to which you have given your consent to the extent specified above.
Contract data is kept longer by us, as this is required by statutory storage requirements. Retention requirements that oblige us to keep data arise from accounting and tax regulations. According to these regulations, business communications, closed contracts and accounting documents must be kept for up to 10 years. As far as we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting and for tax purposes.
We take reasonable technical and organisational security measures that we deem appropriate in order to protect your stored data from being manipulated, fully or partially lost, or accessed by unauthorised third parties. Our security measures are adapted continually in line with technological developments. We also take internal data privacy very seriously. Our employees and the service providers commissioned by us are obliged to maintain secrecy and comply with the provisions of data protection law. In addition, they are granted access to personal data only insofar as this is necessary.
If you have any questions about data protection on our website, would like to receive information or request the deletion of your data, please contact us by sending an e-mail to email@example.com. Please send your request by letter to the following address: Datatrans AG, Kreuzbühlstrasse 26, 8008 Zürich (Date: March 2018)