Skip to main content

Data Protection Policy

I.    Data protection policy and information obligations

We are pleased about your visit to our website and your interest in the CREALOGIX Group, our products and our services. Transparency with regard to the data protection and data security of visitors to our website, customers and contractual partners is an important concern for us. In all our business processes, we take the protection of your personal data very seriously.

This data protection policy informs you in accordance with Art. 12 et seq. GDPR about how your personal data is handled when you use our website. In particular, it explains what data we collect and what we use them for. It also informs you about how and for what purpose this is done – always taking into account the applicable data protection provisions, in particular the EU General Data Protection Regulation (GDPR), the Swiss Federal Data Protection Act and other applicable national laws.
This data protection policy applies to all companies of the CREALOGIX Group named below.

 

II.    Responsible body

The responsible body is the company of the CREALOGIX group of companies (we, us), which decides on the purposes and means of the personal data processing in accordance with applicable law. This also includes the (mobile) applications that refer to this data protection policy. Responsible bodies are thus the following:

CREALOGIX AG
Maneggstrasse 17
8041 Zurich
Switzerland
Tel: +41 58 404 8000
E-mail: info@crealogix.com


The person responsible in Germany depends on the service:

CREALOGIX (Deutschland) GmbH
Breitscheidstraße 10
70174 Stuttgart
Germany
Tel: + 49 711 614 160
E-mail: contact-de@crealogix.com

CREALOGIX BaaS GmbH & Co. KG
Am Hofbräuhaus 1
96450 Coburg
Germany
Tel: +49 956 155 430
E-mail: contact-de@crealogix.com

CREALOGIX MBA Ltd
21-22 Staple Gardens
Winchester SO23 8SR
United Kingdom
Tel: +44 1962 841 494
E-mail: contact-uk@crealogix.com

CREALOGIX PTE. Ltd.
5 Shenton Way
Level 10-01 UIC Building
Singapore 068808
Singapore
Tel: +65 6932 2804
E-mail: contact-apac@crealogix.com

Innofis ESGM, S.L.
Balmes 150
08008 Barcelona
Spain
Tel: +34 936 671855
E-mail: contact-es@crealogix.com

Saudi Crealogix Single-Partner LLC
Al Tawuniya Tower (South Tower)
Level 16
King Fahad Road
Riyadh
Kingdom of Saudi Arabia
Tel: +34 936 671855
E-mail: contact-middle-east@crealogix.com

 

III.    Data Protection Officer

Several data protection officers have been appointed for our group of companies.

For CREALOGIX (Deutschland) GmbH and for CREALOGIX BaaS GmbH & Co.KG:
dsb-clx@ensecur.de, dsb-clx-baas@ensecur.de, datenschutz@crealogix.com

For all other CREALOGIX Group Companies:
datenschutz@crealogix.com

 

IV.    Purpose and legal basis of the processing of personal data
Some services on our website may require us to process personal data about you in order to provide our services. This is, of course, only done within the legal framework, insofar as it is necessary and you have consented to it in the event of legal necessity. We take great care to adhere to the principles of data reduction and data economy.

a.    Calling up and visiting our website – server log files

For the purpose of the technical provision of the website, it is necessary that we process certain data automatically transmitted by your browser so that our website can be displayed in your browser and you can use it. When you access our website, our web server automatically collects data in a server log file. They are the following:

The storage of the afore-mentioned access data is required for technical reasons in order to provide a functioning website and to ensure system security. This also applies to the storage of your IP address, without which you cannot visit our website. In theory, it would be possible to establish a personal reference.

Furthermore, we process these data from the server log files solely for statistical purposes and in order to optimise our website and improve user-friendliness.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

b.    Contact forms

If you contact us via our online contact forms (general contact request, partner request, investor information service), we will collect personal data to the extent provided by you. The following mandatory fields are predefined:

First name
Last name
Company name
Country
E-mail
Contact reason
Message

We will only use your email address to process your request. Your data will then be deleted unless you have consented to further processing and use.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR in the case of an existing contractual relationship or Art. 6 para. 1 sentence 1 lit. f GDPR in the case of other contact requests. In the case of newsletter subscription, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

c.    Marketing communications

If you would like to receive our marketing communications with information on current developments, studies and reports and events and webinars, you can subscribe to receive these. Therefore, we request as mandatory fields:

First name
Last name
E-mail

We only use your email address to register you for our marketing communications to send you the confirmation link and to subsequently send you the marketing communications. If you no longer wish to receive these, you can withdraw your consent at any time.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

d.    Downloading/access to content (e.g. reports, white papers, use cases, webinar recordings)

If you would like to download reports or access webinar recordings on technological, strategic or changing customer expectations, you can register to gain access to these. The following mandatory fields are predefined:

First name
Last name
Company name
E-mail
Country

We only use your e-mail address to send you the confirmation link and to subsequently send you an e-mail with the requested content. If you no longer wish to receive reports, you can withdraw your consent at any time.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

e.    Applications

If you are interested in us as an employer and would like to apply for a job with us, we collect various personal data that we need to review your application. The following mandatory fields are predefined:

First name/Vorname
Last name/Nachname
Email/E-Mail-Adresse
Salary expectations/Gehaltsvorstellungen
Possible start date/Mögliches Eintrittsdatum
Approval/Zustimmung zur Datenschutzerklärung

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

f.    Cookies

We use so-called cookies on our website. Cookies are small text files that are stored by the web browser on your computer or mobile device. Cookies do not cause any damage to your computer, do not contain viruses, and are automatically deleted after they expire. Some cookies expire when you end your Internet session; others are stored for a maximum of 100 days.

Some of the cookies we use on our website come from third parties that help us analyse the impact of our website content and our visitors' interests, measure the performance of our website or serve to place ads and other content on our website or other websites. Within the framework of our website, we use both first-party cookies (only visible in the domain you are visiting) and third-party cookies (visible across domains and regularly placed by third parties).

You can, of course, also view our website without cookies. You can use your browser settings to prevent cookies from being stored on your computer. Existing cookies can also be deleted via the browser settings. In this event, however, the functionality of our website may be limited.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR for third-party cookies, which we set mainly for marketing purposes and thereby process personal data that are not required for normal website operation. Another legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR for cookies that we place to protect our legitimate interests (technical provision, optimisation, user-friendliness, security).

We use the following cookie-based tools/plugins on our website:
 

g.    Google Analytics

This website uses Google Analytics and Google Remarketing based on your consent given to us. These are services provided by Google, Inc. (“Google”). Google uses “cookies”, which are text files placed on your computer to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google in the United States. In the event that IP anonymisation is activated, Google will truncate/anonymise the last octet of the IP address for Member States of the European Union as well as for other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. On behalf of the website provider, Google will use this information to evaluate your use of the website, compile reports on website activity for website operators and provide other services relating to website activity and internet usage to the website provider. Google will never associate your IP address with other Google data. You can refuse the use of cookies by selecting the appropriate settings in your browser. Please note, however, that if you do this, you may not be able to use all the features of this website. Furthermore, you can prevent the collection and use of data (cookies and IP address) by Google by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en.

For more information on the terms of use and data protection, please visit https://tools.google.com/dlpage/gaoptout?hl=en or https://support.google.com/analytics/answer/6004245?hl=en or https://support.google.com/adwordspolicy/answer/143465?hl=en. Please note that on this website, the code of Google Analytics and Google Remarketing is supplemented by "gat._anonymizeIp ()" to ensure the anonymised collection of IP addresses (so-called IP masking).

The legal basis for data processing is Art. 49 para. 1 sentence 1 lit. a GDPR. Standard contractual clauses to ensure an adequate level of data protection have also been concluded.

h.    Google Tag Manager

This website uses Google Tag Manager. This service allows us to manage website tags via an interface. Google Tool Manager only implements tags. This means that no cookies are used and no personal data are regularly collected in the process. However, this may trigger other tags, which in turn may collect data. However, Google Tag Manager does not access these data. If any deactivation has been made at domain or cookie level, this will remain in place for all tracking tags if they are implemented with the Google Tag Manager.

The legal basis for data processing is Art. 49 para. 1 sentence 1 lit. a GDPR. Standard contractual clauses to ensure an adequate level of data protection have also been concluded.

i.    DoubleClick/Google Ads

This website uses the DoubleClick or Google Ads tool from Google. DoubleClick and Google Ads use cookies to provide ads that are relevant to users, to improve campaign performance reports and to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads are displayed in which browser. Moreover, DoubleClick uses cookie IDs to track conversions related to ad enquiries. You can prevent this tracking in the following ways:

by permanently deactivating them in your Firefox, Internet Explorer or Google Chrome browsers via the link https://www.google.com/settings/ads/plugin. You can find more information about DoubleClick from Google at https://marketingplatform.google.com/about/enterprise/. You can find out more about data protection at Google in general at: https://policies.google.com/privacy?hl=de&gl=de.

The legal basis for data processing is Art. 49 para. 1 sentence 1 lit. a GDPR. Standard contractual clauses to ensure an adequate level of data protection have also been concluded. In addition, Google has committed to the Data Privacy Framework Program and is self-certified for this. In the list there (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active), Google is listed as "Active" as of August 2023. The EU Commission has adopted an adequacy decision on the Data Privacy Framework Program, which certifies that the USA has an adequate level of data protection.
 

j.    HubSpot

HubSpot is an online marketing and sales tool for collecting and storing data and generating leads. We use HubSpot forms on our website (in all countries and in all languages), especially as a first point of contact and for downloading content. Leads can be generated from this data and used by our sales and marketing team. HubSpot can also record customer journeys with the aid of cookies and IP addresses.

The data collected are stored by HubSpot on servers in the European Union and the USA. The transfer of data takes place in accordance with the conditions of the standard contractual clauses. HubSpot is committed to handling all personal data received from European Union (EU) Member States and Switzerland in accordance with the applicable principles of the Standard Contractual Clauses.

The legal basis for data processing is Art. 49 para. 1 sentence 1 lit. a GDPR.
 

k.    Microsoft Bing Ads

This website uses Microsoft Bing Ads on the basis of the consent you have given to us. We use Microsoft Bing Ads for remarketing and completion tracking purposes. The service originates from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 - 6399, USA, hereinafter referred to only as "Microsoft", which uses the so-called Universal Event Tracking (UEN).

When you click on an advert placed by us on the Internet search engine "Bing", a cookie for tracking functionality is stored by Microsoft on the end device via the Internet browser. This tracking cookie loses its validity after 180 days and is not used for personal identification. If the cookie is still valid and a specific page of our website is accessed at the same time, both Microsoft and we can recognise that the website visitor has clicked on an advert placed by us on Bing and has been redirected from there to our website.

The data collected with Microsoft's tracking cookie are used to compile visit statistics, such as the number of accesses to the adverts we have placed on Bing as well as on the Internet pages of our website that were subsequently accessed. It is not possible to personally identify the website visitor on the basis of these data. Microsoft may be able to track user behaviour across multiple devices of a user via so-called cross-device tracking, enabling Microsoft to display personalised advertising across devices. The setting of cookies can be prevented by browser settings or by refusing consent.
If you have a Microsoft account, you can also change the settings for personalised advertising there under http://choice.microsoft.com/de-de/opt-out.

Furthermore, Microsoft offers further information on Bing Ads and on the collection and use of data as well as on your rights and options to protect your privacy under https://help.bingads.microsoft.com/#apex/3/de/53056/2 as well as under https://privacy.microsoft.com/de-de/privacystatement. The legal basis for data processing is Art. 49 para. 1 sentence 1 lit. a GDPR. Standard contractual clauses to ensure an adequate level of data protection have also been concluded. Microsoft has also committed to the Data Privacy Framework Program and is self-certified for this. As of August 2023, Microsoft is listed as "Active" in the https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active list. The EU Commission has adopted an adequacy decision on the Data Privacy Framework Program, which certifies that the USA has an adequate level of data protection.
 

l.    SmartRecruiters – digital application process

With the aid of SmartRecruiters GmbH, data about you will be stored and processed as part of the application process. We assure you that data will only be used by a narrow circle of users. Your personal applicant data will not be passed on to third parties in any form by us or by any persons commissioned by us, unless we are obliged to pass them on due to mandatory legal regulations (e.g. to state institutions).

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR in conjunction with national regulations on employee data protection.

m.    YouTube

This website uses YouTube on the basis of the consent you have given to us. The service originates from YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you visit one of our pages that embeds content from YouTube, a connection is established to servers from YouTube. The YouTube server receives information about which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to associate your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Further information on how your data is handled in this regard can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Standard contractual clauses/sufficient guarantees to ensure an adequate level of data protection have also been concluded.

 

V.    Recipients of the data

Within our group, access to your data is given to those offices that require them to fulfil our contractual and legal obligations. Service providers and vicarious agents used by us (e.g. technical service providers, shipping companies, waste disposal companies) may also receive data for these purposes. Depending on the circumstances, we commission these service providers within the framework of order processing. They are then subject to our instructions and may only process the data for narrowly defined purposes. In some cases, we also jointly define the purposes and means of data processing within the framework of joint responsibility.

In individual cases, we also transmit personal data to our legal and tax advisors, whereby these recipients are obliged to maintain special confidentiality and secrecy due to their professional status.

 

VI.    Data transfer to third countries

As the CREALOGIX Group, we process your data predominantly in Switzerland or in an EU Member State. Personal data are transferred between affiliated companies in Switzerland, the European Union, the United Kingdom, Singapore and Saudi-Arabia. Only the relevant departments and/or persons in our company have access to the data to process your enquiries and requests. For the aforementioned cookie-based tools/plugins and the aforementioned purposes, we also transfer the aforementioned data to third countries on the basis of the legal bases and the measures for ensuring an adequate level of data protection mentioned there.

Potential risks may include unenforceable data subject rights and a lower level of data protection. We minimise the risk as far as possible by concluding order processing contracts (if such a contractual relationship exists) and standard contractual clauses including effective supplements required by the supervisory authorities.

 

VII.    Duration of the data storage

We initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage. Depending on the circumstances, this also includes the periods of time for initiating a contract and the subsequent performance of the contract. If a contractual relationship ends, the data processing purposes no longer apply or statutory retention periods expire, we will delete your data. There are a wide variety of deadlines for the retention of data and documents, which may result from the Commercial, the Fiscal or the Civil Code, for example. The deletion periods range from a few days to 10 years, depending on the circumstances.

 

VIII.    Data security

To ensure the appropriate security of your data on our website and systems, we take appropriate technical and organisational measures to protect your data from loss, destruction, unauthorised access and manipulation. The measures we apply are continuously developed in line with technological progress.

We use at least TLS 1.2 encryption for our web forms. This protects your entries in our web forms during transmission to our servers. You can recognise an encrypted connection by the fact that the address line of your browser changes from "http://" to "https://" and by the lock symbol in your browser line. Nonetheless, we would like to point out that this does not represent complete protection against attackers.

 

IX.    Your rights as a data subject

Under the GDPR, you are entitled to the following statutory data subject rights, provided that the prerequisites are met:

Right of objection

Insofar as the processing of your data is carried out to protect legitimate interests, you have the right to object to this processing at any time using the contact details provided if your particular situation gives rise to reasons that prevent such data processing. We will then no longer process your data unless they are predominantly based on our own legitimate interest or another legal basis. If you would like to exercise your right to object, send an email to the above email addresses of our data protection officers.

 

X.    Obligation to provide data

In principle, you are not obliged to provide us with your personal data. However, if you do not do this, we will not be able to provide you with unrestricted access to our website or to respond to your enquiries to us. Only the personal data that we absolutely need for the above-mentioned processing purposes is marked accordingly as mandatory information.

 

XI.    Automated decision making/profiling

We do not use automated decision making or profiling (an automated analysis of your personal circumstances).

 

XII.    Updating and changing this privacy policy

Our data protection policy is regularly revised and updated from time to time to comply with the legal data protection and privacy laws in force.

 

Last updated: 21 November 2023

Contact us