Privacy Policy

This website was created and published by Datatrans Ltd with its registered office in Switzerland, Kreuzbühlstrasse 26,8008 Zurich, registered in the Commercial Register of the Canton of Zurich under the number CHE-100.847.043. Accordingly, we are responsible for the collection, processing and use of your personal data in accordance with the law. We are committed to the responsible handling of your personal data. We therefore consider it a matter of course to comply with the legal requirements of the Swiss Federal Data Protection Act (FDPA), the Ordinance on the Federal Data Protection Act (OFDPA) and the General Data Protection Regulation of the European Union (GDPR). In the following we would like to inform you how we treat your personal data. Please note that the following information may be checked and changed from time to time. We therefore recommend that you consult this Privacy Policy on a regular basis.

Scope and purpose of the collection, processing and use of personal data

When you visit our website

When you visit our website, our servers temporarily store each access in a log file. The following data is collected and stored, without any action on your part, until it is automatically deleted after twelve months at the latest:

  • the IP address of the requesting computer,
  • date and time of access
  • name and URL of the data retrieved,
  • the website from which our domain was accessed,
  • the operating system of your computer and the browser used, and
  • the name of your Internet access provider.

This data is collected and processed for the purpose of allowing the use of our website (establishing a connection), ensuring system security and stability in the long term and allowing our Internet offering to be optimized, as well as for internal statistical purposes. The aforementioned information is not linked to or stored with personal data. Only in the event of an attack on the website’s network infrastructure or in case of a suspicion of unauthorized or abusive use of the website, the IP address will be evaluated for clarification and defense purposes and, if necessary, used for identification purposes in criminal proceedings and for civil and criminal proceedings against the users concerned. The purposes described above, constitute our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

When using the contact form

If you contact us using the contact form on the website, we collect the following information from you:

  • Name
  • Company name
  • E-mail address
  • Telephone number
  • Your request / your project
  • Estimated transaction volume

This information is mandatory. We use this data to answer your questions or provide the services you require and, if necessary, to contact you by telephone. The telephone number is never used for marketing purposes. The processing of your contact request is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (contact details see below).

When signing up for the PCI Proxy Dashboard

You can sign up on the PCI Proxy Dashboard for a 30-day free trial account. You must provide the following information when registering:

  • Company name
  • First name and surname of the contact person
  • E-mail address

The e-mail address and all other personal data you provide in connection with the trial account will be used solely to provide you with the PCI proxy test environment and related functionalities. At the end of the trial period, we will contact you to learn more about your experience with our service. The processing of your request to open a trial account is our legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (contact details see below), but you will then no longer receive access to the trial account.

When using the chat function

On the website we offer a chat function. Users can use the chat mask to contact us and ask questions about website functions and products. You are responsible for the messages or content you transmit to us via the chat function. We recommend that you do not submit sensitive information via the chat function. Personal data is only collected if you voluntarily provide us with your personal data in the chat. It is therefore up to you to decide what information you provide us with. In order to answer your chat questions, we may request additional information from you, such as your e-mail address, telephone number, etc. We will only collect those personal data from you that are necessary to answer your questions or to provide the services you require. In connection with the chat function we work with the service Chatlio of GATESHARE LLC DBA CHATLIO, 1329 N 47TH ST #31231, SEATTLE, WA 98103, USA. The Chatlio service is also connected to the Slack service, which is why corresponding chat data is also forwarded to Slack Technologies, 155 5th Street, 6th Floor, San Francisco, CA 94103, USA. Our legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR consists of the processing of your chat request or message. You can object to this data processing at any time (contact details see below).

Disclosure of data to third parties

We will only pass on your personal data if you have given your express consent, if there is a legal obligation to do so, or if it is necessary for the enforcement of our rights, in particular to assert claims arising out of the contractual relationship. In addition, we will pass on your data to third parties as far as it is necessary for the use of the website and the execution of the contract, namely the provision of the services you require and the analysis of your user behaviour. The use of the data forwarded for this purpose by third parties is strictly limited to the stated purposes. The website including the contact form data is hosted by Hostpoint AG, Neue Jonastrasse 60,8640 Rapperswil-Jona, Switzerland, on servers in Switzerland. Other third party providers are already mentioned above in connection with the chat function.

Transmission of personal data abroad

We are entitled to pass your data on to third-party companies abroad if this is necessary in connection with the processing of your queries, the provision of services or marketing campaigns. These third-party companies are obliged to protect the privacy of users to the same extent as the provider itself. If the standard of data protection in a country is deemed to be unacceptable by Swiss standards or in respect of the EU General Data Protection Regulation, we shall use a contract to ensure that your personal data is protected at all times in accordance with Swiss legislation and the EU General Data Protection Regulation. An overview of the service providers and their location can be found in the previous section (“Disclosure of data to third parties”). However, certain third-party service providers mentioned in this privacy policy have their registered office in the US (see “When using the chat function”). Further explanation on data forwarding to the US can be found under “Tracking Tools”.


Among other things, cookies help us to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website. Cookies neither damage the hard disk of your computer nor do they transmit your personal data to us. Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or that a warning message will always appear when a new cookie arrives. For more information, please check the settings of your browser. However, deactivating cookies may prevent you from using all the features of our portal.


For the purposes of needs-based design and the continuous optimisation of our pages, we use the web analysis service Google Analytics. In this respect, pseudonymised user profiles are created and small text files (‘cookies’) stored on your computer and used. Information generated by the cookie about your use of this website, such as

  • the browser type/version
  • the operating system used
  • the referrer URL (previous page visited)
  • the host name of the accessing computer (IP address)
  • the time of the server request
  • the device

is sent to servers of Google Inc., a company of the holding company Alphabet Inc., in the US and stored there. As part of this, before this data is sent within the member states of the European Union or other states that are party to the agreement on the European Economic Area and Switzerland, the IP address is truncated through this website’s IP anonymisation (‘anonymizeIP’). The anonymised IP address transmitted by your browser in the context of Google Analytics is not consolidated with other data from Google. The entire IP address is sent to a Google server in the US and truncated there only in exceptional cases. In these case, we ensure by contractual means that Google Inc. observes a sufficient level of privacy protection. The information is used to analyse use of the website, to compile reports about website activities and to provide us with further services relating to website and internet use for the purposes of market research and needs-based design for these websites. This information is also forwarded to third parties where this is required by law or if third parties have been commissioned to process this data. Under the terms of Google Inc., under no circumstances will the IP address be used in connection with other data relating to the user. Users can prevent Google’s collection of the data generated by the cookie that relates to a user’s use of the website (including their IP address) and Google’s processing of this data by downloading and installing the browser plug-in available via the following link:   As an alternative to the browser plug-in, users can prevent data collection by Google Analytics on the website in future by clicking on this link. By doing so, an opt-out cookie is stored on the user’s end device. To delete user cookies (see ‘Cookies’ above), the link must be clicked again. In order to manage cookies and pixels for tracking tools and other tools, we also use Google Tag Manager. The Tag Manager tool itself is a cookie-free domain and does not collect any personal data. Instead, the tool triggers other tags that may in turn collect data. If you have performed a deactivation at domain or cookie level, this remains in place for all tracking tags implemented using Google Tag Manager. For the sake of completeness, we note that as part of US legislation, the US authorities are able to take surveillance measures, under which the general storage of all data sent from the European Union to the US is possible. This takes place without distinction, limitation or exception, on the basis of the objective pursued and without objective criteria that would allow it to limit access by US authorities to personal data and its subsequent use to specific, strictly limited purposes that justify access to this data. For users residing in EU Member States, please note that, from the point of view of the European Union, the US does not have sufficient data protection levels due, inter alia, to the issues mentioned in this section. To the extent that we have explained in this privacy policy that recipients of data (such as Google, Facebook and Twitter) are located in the US, we will either based on a contract or by securing certification of these companies under the EU-US -Privacy Shield ensure that your data is protected at an appropriate level by our partners.

In connection with Google Analytics, the Datatrans website uses the Leadfeeder service being provided by Leadfeeder, Mikonkatu 17 C, 00100 Helsinki, Finland. Leadfeeder enriches the data from Google Analytics. The data that is collected and used by Leadfeeder to link the IP-addresses that have visited our website with information that can be found in the Internet associated with these IP-addresses. Due to the truncation of the visitors’ IP addresses, we cannot link a visitor to a particular person. A reference to a person can only be guessed by manually reviewing the linked company information (Leadfeeder Privacy Policy).

Datatrans uses the URL shortening services from Rebrandly, 31 Westland Square, Dublin 2, Ireland, to provide you with shorter and more memorable URLs (starting with The shortened URL will be automatically redirected to the original URL defined by Datatrans. Any personal data that is used for the redirection of the URL (e.g. IP Addresses, Browser Settings) will not be stored or used for other purposes mentioned in this agreement. More information on the measures taken to protect personal data at Rebrandly can be found at:

Processing of customer data

We collect information about our customers. In particular, we record the contact details of the contact persons at these customers. The customer data is either stored on paper or in digital form in the HubSpot CRM, a CRM service from HubSpot Inc., USA. HubSpot is a US company with a subsidiary in Ireland (HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland). HubSpot participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework. More information can be found in the terms of service and the privacy policies of Hubspot Inc., accordingly under and

The data stored in the HubSpot CRM system is generally used to manage the customer relationship, for the customer history, for lead management for billing of operational services, for automated customer information, for alerting customers in the event of technical problems or necessary technical adjustments, and in some cases also for inviting customers to technical occasions or events. The legal basis for the processing of your data for these purposes lies in the fulfilment of a contract according to Art. 6 para. 1 lit. b GDPR.

The data will only be passed on to third parties if it is necessary for the provision of the services requested by the customer.

The customer has the right to object at any time to the delivery of marketing information via newsletter or the delivery of information on special events (see below “Contact”). In spite of such an objection, we are still entitled to send the customer non-commercial information about our services, which are necessary for the use of our services, as well as notifications.

We use MailChimp to inform our clients about our services and technical issues. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA. The data being required for emailing will be sent to a server operated by The Rocket Science Group in the United States and stored there in accordance with the EU-US Privacy Shield. Further information about the data protection offered by MailChimp can be found at:

Our billing process is integrated with Zuora and uses the automated, recurring billing and invoicing feature. It is a PCI-compliant service, so all payment method information are stored neither by Zuora nor by Datatrans. Zuora is certified under the CH-US- and EU-US-Privacy Shield. The relevant privacy statements and contact details of Zuora can be found on the web site:

We use Google Fonts on our website for the representation of external fonts provided by Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). For this purpose, your browser has to establish a direct connection to the Google servers in the USA. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. Further information about handling user data, can be found at

Right to information, deletion and correction

You have the right to obtain information on the personal data that we store about you on request free of charge. In addition, you have the right to correct inaccurate data and the right to delete your personal data, as long as there is no legal retention duty or act of permission that allows us to process such data. You also have the right to demand the release of the data you have given us (right to data portability). On request, we will also forward the data to a third party of your choice. You have the right to receive the data in a common file format. For the aforementioned purposes, you can contact us via the e-mail address We may, at our discretion, require proof of identity to process your request. Apart from that you have the right to complain to a data protection authority at any time.

Data retention

We only store personal information for as long as it is necessary

  • to use the above tracking advertising and analysis services within the scope of our legitimate interest;
  • to carry out services that you requested or to which you have given your consent to the extent specified above.

Contract data is kept longer by us, as this is required by statutory storage requirements. Retention requirements that oblige us to keep data arise from accounting and tax regulations. According to these regulations, business communications, closed contracts and accounting documents must be kept for up to 10 years. As far as we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting and for tax purposes.

Data security

We take reasonable technical and organisational security measures that we deem appropriate in order to protect your stored data from being manipulated, fully or partially lost, or accessed by unauthorised third parties. Our security measures are adapted continually in line with technological developments. We also take internal data privacy very seriously. Our employees and the service providers commissioned by us are obliged to maintain secrecy and comply with the provisions of data protection law. In addition, they are granted access to personal data only insofar as this is necessary.


If you have any questions about data protection on our website, would like to receive information or request the deletion of your data, please contact us by sending an e-mail to Please send your request by letter to the following address: Datatrans AG, Kreuzbühlstrasse 26, 8008 Zürich (Date: March 2018)