Last updated: August 30th, 2023
1 Who is responsible for your personal data?
- you visit our website;
- you use our gamification marketing software («Software») as an employee (user) of one of our customers;
- you play a mini game one of our customers creates and operates using our Software;
- you apply for a position with us;
- we receive your personal data for other purposes within the scope of our business activities.
We process your personal data either:
- as a data controller, which means that we are responsible to you for your personal data; or
- as a processor in performance of a contract with a customer on whose website you play one of our mini games or whose employee you are. In this case, our customer is primarily responsible to you for your personal data.
2 What personal data do we process?
2.1 When you visit our website
When you visit our website, the server automatically logs general technical information. This data includes, for example, the IP address and operating system of your device, the date and time of your visit, the website you came from, and the type of browser you use to access our website.
If you contact us through the website, book a Software demo, sign up for our newsletter or download content from our website, we process your contact details and other personal data you provide us with, as well as, if applicable, technical data generated in the process.
We use the following cookies and other tracking technologies (for the sake of simplicity, collectively «Cookies»):
- Essential and functional Cookies to ensure the functionality and security of our website, and to make it easier for you to visit our website;
- Statistics Cookies to evaluate the use of our website and to collect information to improve our products and services,
- Marketing Cookies.
We also use social media plugins and embedded media from external platforms such as YouTube, for example to offer you multimedia content. When you access a page on our website where a plugin or embedded media is present, certain technical data is automatically transmitted to the provider of these services. If you have an account with the relevant provider and are logged in, this interaction may also be captured. Please consult the privacy policies of the respective providers for more information about their data collection and processing.
2.2 When you use our Software as an employee (user) of a customer
When you use our Software as an employee (user) of one of our customers, we process the following personal data about you:
- Identification data and contact details (e.g., name, email);
- Login data;
- Communication content;
- Technical data including usage data and general location data.
2.3 When you play a mini game one of our customers creates and operates using our Software
When you play a mini game one of our customers creates and operates using our Software, we process the following personal data about you:
- Technical ID (Unique Player Identifier);
- To the extent that our customer whose mini game you play activates corresponding functions: Identification data and contact details (e.g., name, email, address, phone number), general location data, other personal data as per our customer’s choices;
- Technical data including usage data.
2.4 When you apply for a position with us
When you apply for a position with us, we collect and process the necessary personal data to review your application and conduct the application process. This includes, in particular:
- Identification data and contact details (e.g., name, email, address, phone number);
- Communication content;
- Information about your professional background and qualifications;
- The content of your application;
- Other data necessary for the review of your application.
You submit most of this data directly to us as part of your application. In addition, we process data from other sources, in particular from references (if you have consented to references being obtained), as well as from publicly accessible sources (e.g., professional social networks, the internet).
2.5 When we receive your personal data for other purposes within the scope of our business activities
In the course of our business activities, we process personal data of other individuals, such as our contacts at potential customers, current customers, business partners, suppliers, and service providers. The personal data we process in this context primarily includes identification data, contact details, and communication content, as well as other relevant personal data.
We receive this data either directly from you or from other sources, such as your coworkers, our business partners and other contacts, as well as from publicly available sources (e.g., professional social networks). We also receive the contact details of potential customers from specialized providers of such data.
3 For what purposes do we process your personal data?
We process your personal data primarily for the following purposes and based on the following grounds for processing:
- to prepare, conclude, fulfill, and enforce contracts within the scope of our business activities. This includes contracts:
- with you, if we act as data controller; or
- with our customer on whose website you play a mini game or whose employee you are. In this case, we act as a processor, and the purposes and grounds for processing are determined by our customer as the data controller.
- based on and within the scope of your consent, if applicable. You can revoke your consent at any time.
- to comply with legal obligations (e.g., keeping of business records).
In addition, we process your personal data, where legally permitted, based on our interests to communicate with you and third parties (even outside the preparation or conclusion of a contract), to provide the website and the Software, to optimize your user experience, to maintain and potentially expand our business relationship with you, to improve, expand, and market our offerings, to ensure IT security and data protection, to prevent crimes and other misconduct, and to enforce, defend, or avert legal claims.
Based on our interest in informing individuals interested in our offerings about new developments, we can send you marketing information (e.g., via a newsletter). These marketing emails may contain visible or invisible images. When you download these images from the server, we can see whether and when you have opened the email. This allows us to better understand how you use our offerings and customize them for you. You can turn off this feature in your email program. You also have the option to opt out of receiving our marketing emails at any time.
4 Children’s data
We do not knowingly collect, use, or disclose personal data from children under the age of 13. If we become aware that we have inadvertently gathered personal data from a child under the age of 13, we will take prompt measures to delete such data from our records. Parents or guardians who believe that their child may have provided us with personal data without their consent are encouraged to contact us immediately at email@example.com.
5 When do we disclose your personal data to third parties?
To fulfill a contract, protect our interests, or comply with legal requirements, it may be necessary for us to disclose your personal data to third parties. This includes, in particular:
- cases where disclosure is necessary to (i) comply with legal obligations, (ii) ensure IT security and data protection, or (iii) enforce, defend, or avert legal claims;
- third parties to whom we transfer our company or parts thereof, or with whom we merge.
In this context, we also transfer personal data abroad. In particular, we use IT service providers with data locations in the EU or the EEA and have a subsidiary in Serbia (IT development and support). We limit the transfer of personal data outside Switzerland, the EU, and the EEA as far as possible, but it cannot be entirely avoided. If the respective recipient country does not have a level of data protection recognized by Switzerland, we use standard contractual clauses to ensure adequate data protection, where necessary and possible supplemented by additional security measures.
We do not sell or rent personal data to third parties.
6 Data security
We protect your personal data with appropriate technical and organizational security measures against accidental, unlawful, or unauthorized manipulation, deletion, alteration, access, disclosure, use, or loss.
Personal data in our Software is protected by the following security measures, among others:
- Data location EU;
- Encrypted connections;
- Secured, certified servers;
- Server monitoring;
- Regular backups;
- Access restricted to employees with need-to-know;
- Employee awareness training.
7 How long do we retain your personal data?
We store your personal data only for as long as and to the extent necessary for the purposes described or for legal reasons.
We delete or anonymize data stored in our Software no later than 30 days after the end of our contract with the customer concerned unless otherwise agreed with the customer.
8 What rights do you have in connection with your personal data?
If provided for and subject to the conditions of the applicable data protection laws, you have the following rights in connection with your personal data:
- Right to access your personal data;
- Right to have inaccurate personal data rectified;
- Right to erasure (“right to be forgotten”);
- Right to restrict the processing of your personal data;
- Right to data portability (transfer of your personal data to you or a third party);
- Right to object to the processing of your personal data.
Please note that exceptions apply to these rights. In particular, we may be obliged or entitled to further process your personal data to fulfill a contract, to protect our legitimate interests such as enforcing, defending, or averting legal claims, or to comply with legal obligations. In these cases, we can or must reject certain requests or comply with them only to a limited extent.
To exercise your rights in connection with your personal data, please contact us by email at firstname.lastname@example.org.
If we act as a data processor, we will forward your request to the relevant data controller.
If you are not satisfied with how we process your personal data, you have the right to file a complaint with your competent supervisory authority (in Switzerland, the Federal Data Protection and Information Commissioner FDPIC is competent).
Please contact us first before filing a complaint. This way, we can try to resolve your issue directly. The easiest way to contact us is by email at email@example.com.
If we act as a data processor, we will forward your request to the relevant data controller, where appropriate.
10 How do we respond to Do Not Track signals?
We do not track you across third party websites. Thus, we do not receive Do Not Track signals or other similar signals. To the extent that we do receive any such signals, we will not comply with them as it is not an aspect of the functionality of our website or Software.
11 Links to other websites
Our website may link to third-party websites that are not operated or controlled by us. We are not responsible for whether and how these third parties comply with data protection regulations.