vlot Privacy Notice for End Users

Version 2.0 of August 2023

1. Scope

This privacy notice for End Users (”Privacy Notice”) explains how vlot AG (”vlot” or “we”) processes and protects your personal data when you use any of our websites such as www.vlot.ch (the “Website”), when you interact with our demo versions such as the showcase under https://showcase.flow.vlot.ch (the “Demo Versions”), and when you visit and use our analysis application that is branded by us or one of our partners (each a “Partner”) but operated by us (the “Analysis Application”, together with the Website and the Demo Versions the “Webservices”).

vlot AG, Eichstrasse 23, 8045 Zürich (”vlot”) is the controller for vlot’s processing under this Privacy Notice, unless we tell you otherwise in an individual case, for example in additional privacy notices, on a form or in a contract.

If you disclose data to us or share data with us about other individuals, such as family members, co-workers, etc., we assume that you are authorized to do so and that the relevant data is accurate. When you share data about others with us, you confirm that. Please make sure that these individuals have been informed about this Privacy Notice.

Unless otherwise defined in this Privacy Notice or our End User GTC, the definitions used in this Privacy Notice have the same meaning as in the Swiss Federal Act on Data Protection and the EU General Data Protection Regulation, as applicable.

For all questions on the subject of data protection, you can also contact our external Data Protection Officer / Data Protection Adviser at any time. He can be reached by e-mail to: dpo@vlot.ch

We expressly point out that if you use this e-mail address, the content will not be exclusively noted by our data protection officer. If you wish to exchange confidential information, please therefore first contact us directly via: dpo@vlot.ch and mark the correspondence with: “F.A.O. data protection officer”.

2. How We Collect Personal Data

We may collect personal data relating to you directly or indirectly:

  • Directly from you when you use our services through forms, when you communicate with us, in relation to contracts, when you use the website, etc.

  • Indirectly

    • through the Partner if the Partner is allowed to share your personal data with us for the purposes of the Analysis Application;
    • with cookies and similar technologies;
    • from public sources or from public authorities and from other third parties (such as credit agencies, address brokers, associations, contractual partners, internet analytics services, etc.).

3. Personal Data we Collect

We may process the following data in the context of our services:

  • Technical data: When you use our website or other online offerings, we collect the IP address of your terminal device and other technical data (e.g. terminal device, the date, region and time of use and the type of browser) in order to ensure the functionality and security of these offerings. This data includes logs with records of the use of our systems. In order to ensure the functionality of these offerings, we may also assign an individual code to you or your terminal device (for example as a cookie, see our Cookie Policy). Technical data as such does not permit us to draw conclusions about your identity. However, technical data may be linked with other categories of data (and potentially with your person) in relation to user accounts, registrations, access controls or the performance of a contract.

  • Registration data: Certain offerings, and services (such as login areas of our website, newsletters, etc.) can only be used with a user account or registration, which can happen directly with us or through our third-party login service providers. Registration data includes the information you provide when you create an account on our website (for example username, password, name, e-mail). In this regard you must provide us with certain data, and we collect data about the use of the offering or service.

  • Communication data: When you are in contact with us via the contact form, by e-mail, telephone or chat, or by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. If we have to determine your identity, for example in relation to a request for information, a request for press access, etc., we collect data to identify you (for example a copy of an ID document).

  • Master data: With master data we mean the basic data that we need, in addition to contract data (see below), for the performance of our contractual and other business relationships or for marketing and promotional purposes, such as name and contact details, and information about, for example, your role and function, your bank details, your date of birth and customer history. We process your master data if you are a customer or other business contact or work for one (for example as a contact person of the business partner), or because we wish to address you for our own purposes or for the purposes of a contractual partner (for example as part of marketing and advertising, with invitations to events, with newsletters, etc.). We may also process sensitive data or so called “special categories” of personal data and information about you and third parties as part of master data. This includes your smoking behavior (health data) or implicitly data about your sexual orientation when you provide us with information about your marital status.

  • Contract data: This means data that is collected in relation to the conclusion or performance of a contract, for example information about the contracts and the services provided or to be provided, as well as data from the period leading up to the conclusion of a contract, information required or used for performing a contract, and information about feedback (for example complaints, feedback about satisfaction, etc.).

  • Behavioral, preference and statistical data: Depending on our relationship with you, we try to get to know you better and to tailor our products, services and offers to you or our customers more generally. For this purpose, we collect and process data about your behavior and preferences which is aggregated as statistical data. We do so by evaluating information about your behavior in our domain. The data processed for this purpose is already known to us (for example where and when you use our services), or we collect it by recording your behavior (for example how you navigate our website). We describe how tracking works on our website in our Cookie Policy.

We collect and process your personal data for the following purposes and based on the following legal basis:

  • Contract: We use your personal data to perform the respective analysis and to provide you with related information and offers as well as for the conclusion, administration and performance of our contractual relationships with you. We process your data also for purposes related to communication, in particular in relation to responding to inquiries and the exercise of your rights and to enable us to contact you in case of queries.

  • Consent: For all marketing purposes such as newsletters, we rely on your consent which you can withdraw at any time with. We also only process your sensitive data mentioned above on the basis of your consent. You may withdraw your consent at any time with effect for the future by providing us written notice (e.g by e-mail). For further information about your rights please see section 8.

  • Legitimate interests: We may use your personal data for data analytics, website traffic analytics as well as the improvement of our Webservices based on our legitimate interests and our evaluation that such processing is fair and reasonable. This includes data for marketing purposes and relationship management, for example to send our customers and other contractual partners personalized advertising for products and services from us and from third parties (for example from advertising partners). This may happen in the form of newsletters and other regular contacts (electronically, by e-mail or by telephone), through other channels for which we have contact information from you. We further process your data for market research, to improve our services and operations, and for product development.

  • Compliance: We may also be required by law to process your personal data (e.g., disclosure of data to law enforcement agencies). Where possible, we inform you prior to such disclosure or processing.

5. Data Retention

We retain your personal data only for as long as it is necessary for the purposes set out in this Privacy Notice, and to the extent necessary to comply with our legal obligations, resolve potential disputes and enforce our legal agreements and policies. We delete your personal data for which we no longer have any legal grounds for retention as reasonably possible in regular intervals.

6. Service Providers and Data Transfers

We may disclose your personal data to third parties, in particular to the following categories of recipients:

  • Service providers: We work with service providers in Switzerland and abroad who process your data on our behalf or as joint controllers with us or who receive data about you from us as separate controllers (for example IT providers, shipping companies, advertising service providers, login service providers, cleaning companies, security companies, banks, insurance companies, debt collection companies, credit information agencies, or address verification providers). This may include sensitive data. Key service providers in the IT area can be found at: https://www.vlot.ch/sub-processors/.

  • Contractual partners including customers: This refers to customers and our other contractual partners as this data disclosure results from these contracts. If you work for one of these contractual partners, we may also disclose data about you to that partner in this regard. These recipients also include contractual partners with whom we cooperate.

  • Authorities: We may disclose personal data to agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to make such disclosures or if it appears necessary to protect our interests. These authorities act as separate controllers.

We or our service providers may transfer your personal data to and process it in:

  • Switzerland
  • EU/EEA
  • USA

We may use service providers who are partly located in so-called third countries (outside the European Union or the European Economic Area or Switzerland) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the EU or Switzerland.

We safeguard your personal data per our contractual obligations and applicable data protection legislation when transferring data abroad.

Such safeguards may include:

  • the transfer to countries that have been deemed to provide an adequate level of protection according to lists of countries published by the Federal Data Protection and Information Commissioner, as well as to countries where there is an adequacy decisions by the European Commission in place;
  • applying standard data protection model clauses, binding corporate rules or other standard contractual obligations that provide appropriate data protection.

If a third country transfer takes place and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the third country (e.g. intelligence services) can gain access to the transferred data and that the enforceability of your data subject’s rights cannot be guaranteed.

7. Data Security

We take reasonable technical and organizational security measures that we deem appropriate in order to protect your stored data against manipulation, loss, or unauthorized third-party access. Our security measures are continually adapted to technological developments.

We take internal data privacy very seriously. Our employees and the Service Providers that we retain are required to maintain secrecy and to comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.

The security of your personal data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend that you use antivirus software, a firewall, and other similar software to protect your system.

8. Data Protection Rights

You have the below data protection rights. To exercise these rights, you may contact the above address or send an e-mail to: privacy@vlot.ch. Please note that we may ask you to verify your identity before responding to such requests.

  • Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.

  • Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.

  • Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent with effect for the future. This includes cases where you wish to opt out from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal basis for processing.

  • Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, or when it was unlawfully processed.

  • Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.

  • Right to portability: You have the right to request that we transmit your personal data to another data controller in a common format such as Excel or JSON, where this is data which you have provided to us and where we are processing it on the legal basis of your consent or in order to perform our contractual obligations.

  • Right to object to processing: Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests, or if we need to continue to process the personal data for the exercise or defence of a legal claim.

  • Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb/en/home.html). If you use our services from the EU/EEA, you can exercise this right, for example, before a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_en.

Our Webservices may contain links to websites or apps that are not operated by us. If you click a third-party link, you will be directed to that third party’s site or app. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

We may operate pages and other online presences («fan pages», «channels», «profiles», etc.) on social networks and other platforms operated by third parties and collect the data about you described above. We receive this data from you and from the platforms when you interact with us through our online presence (for example when you communicate with us, comment on our content or visit our online presence). At the same time, the platforms analyze your use of our online presences and combine this data with other data they have about you (for example about your behavior and preferences). They also process this data for their own purposes, in particular for marketing and market research purposes (for example to personalize advertising) and to manage their platforms (for example what content they show you) and, to that end, they act as separate controllers.

For further information on the processing of the platform operators, please refer to the privacy information of the relevant platforms. There you can also find out about the countries where they process your data, your rights of access and erasure of data and other data subjects rights and how you can exercise them or obtain further information. We currently use the following platforms:

We expressly draw your attention to the fact that the respective providers may also store the data of their registered users and other interested visitors to the social media platforms, e.g. personal information, IP address, cookies, etc., outside the European Union (EU) or the European Economic Area (EEA) and use it for their own business purposes.

We generally have no influence on the collection of data and its further use by the providers. The extent to which the data is stored, where it is stored and for how long, the extent to which the providers comply with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on, is neither recognizable nor influenceable for us. We therefore ask you to carefully check which personal data you disclose as a user on the social media platforms.

Our Webservices use only technical necessary cookies and similar technologies. You can find more details in our Cookie Policy.

11. Profiling

We may engage in profiling activities in order to evaluate certain aspects of you. In particular we engage in profiling activities for the purpose of allowing you to compare your situation to peers and others, to improve offer suggestions and to optimize the analysis to your specific use case and situation.

These profiling activates give us the possibility to better evaluate key aspects of you as our customer, allowing us to predict information so we can provide our services more effectively. We only engage in profiling where it is necessary for the performance of a contract with you, when it is authorised by law, or when there is a specific, informed, unambiguous and freely given consent from you. We use appropriate mathematical or statistical techniques when using profiling methods and have technical and organisational measures in place to ensure that inaccurate personal data are corrected that there is no discrimination or discriminatory effect.

You have the right to object to our profiling activities. To that end, you can contact privacy@vlot.ch in order to object to this processing activity.

12. Changes to This Privacy Policy

We may update our Privacy Notice from time to time. We therefore encourage you to review this Privacy Notice periodically for any changes. Changes to this Privacy Notice are effective when they are published.

13. Contact Us

If you have any questions about this Privacy Notice, please contact us at:

  • Address: vlot AG, Eichstrasse 23, 8045 Zürich

  • E-mail: privacy@vlot.ch