Data protection

The data controller for this website is:

Xplain AG
Bahnhofstrasse 22
3800 Interlaken

info_at_xplain.ch
+41 33 826 00 30

We point out if there are other persons responsible for the processing of personal data in individual cases.

Definitions 
Personal data is any information relating to an identified or identifiable natural person. A data subject is a person about whom we process personal data.

Processing includes any handling of personal data, regardless of the means and procedures used, such as querying, matching, adapting, archiving, storing, reading out, disclosing, procuring, recording, collecting, deleting, disclosing, arranging, organizing, storing, modifying, disseminating, linking, destroying and using personal data.

Legal basis 
We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (FADP) and the Ordinance on Data Protection (FADP).

We process personal data - if and to the extent that the General Data Protection Regulation (GDPR) is applicable - in accordance with at least one of the following legal bases:

• Art. 6 para. 1 lit. a DSGVO for the processing of personal data with the consent of the data subject. 
• Art. 6 para. 1 lit. b DSGVO for the necessary processing of personal data for the fulfillment of a contract with the data subject as well as for the implementation of pre-contractual measures. 
• Art. 6 para. 1 lit. c DSGVO for the necessary processing of personal data to fulfill a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
• Art. 6 para. 1 lit. d DSGVO for the necessary processing of personal data to protect vital interests of the data subject or another natural person. 
• Art. 6 para. 1 lit. e DSGVO for the necessary processing of personal data for the performance of a task carried out in the public interest. 
• Art. 6 para. 1 lit. f DSGVO for the necessary processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject override these. Legitimate interests are, in particular, our interest in being able to carry out our activities and operations permanently, in a user-friendly, secure and reliable manner, as well as to communicate about them, to ensure information security, to protect against misuse, to enforce our own legal claims and to comply with Swiss law.

We process those personal data that are necessary to carry out our activities and operations in a permanent, user-friendly, secure and reliable manner. In particular, such personal data may fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales data and contract and payment data.

We process personal data for the period of time necessary for the relevant purpose(s) or as required by law. Personal data whose processing is no longer required will be anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are, in particular, specialized providers whose services we use. We also guarantee data protection for such third parties.

We process personal data only with the consent of the data subject, unless the processing is permitted for other legal reasons. Processing without consent may be permissible, for example, for the fulfillment of a contract with the data subject and for corresponding pre-contractual measures, in order to protect our overriding legitimate interests, because the processing is evident from the circumstances or after prior information.

In this context, we process in particular information that a data subject voluntarily provides to us when contacting us - for example, by letter, email, instant messaging, contact form, social media or telephone - or when registering for a user account. We may store such information, for example, in an address book, in a customer relationship management system (CRM system) or with comparable tools. If we receive data about other persons, the transmitting persons are obligated to ensure data protection with respect to these persons and to ensure the accuracy of this personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, if and to the extent that such processing is permitted for legal reasons.

We process personal data about applicants to the extent that it is required for assessing their suitability for an employment relationship or for the subsequent execution of an employment contract. The required personal data results in particular from the information requested, for example in the context of a job advertisement. We also process personal data that applicants voluntarily provide or publish, in particular as part of cover letters, resumes and other application documents as well as online profiles.

We process - if and to the extent that the General Data Protection Regulation (GDPR) is applicable - personal data about applicants.

We process personal data in Switzerland and in the European Economic Area (EEA, the EEA comprises the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway). However, we may also export or transfer personal data to other countries, in particular to process it or have it processed there.

We may export personal data to all states and territories on earth, provided that the law there ensures adequate data protection in accordance with the decision of the Swiss Federal Council or, insofar as the General Data Protection Regulation (GDPR) is applicable, ensures adequate data protection in accordance with the decision of the European Commission.

We may transfer personal data to countries whose law does not ensure adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or with other appropriate safeguards. By way of exception, we may export personal data to countries without adequate or appropriate data protection if the special data protection law requirements for this are met, for example the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we will provide data subjects with information about any guarantees or provide a copy of any guarantees.

Claims under data protection law 
We grant data subjects all claims in accordance with applicable data protection law. In particular, data subjects have the following rights:

• Information: Data subjects may request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information required to assert their data protection rights and to ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries and the origin of the personal data. 
• Correction and restriction: Data subjects can have incorrect personal data corrected, incomplete data completed and the processing of their data restricted. 
• Deletion and objection: Data subjects can have personal data deleted ("right to be forgotten") and object to the processing of their data with effect for the future. 
• Data release and data transfer: Data subjects may request the surrender of personal data or the transfer of their data to another data controller.

We may defer, restrict, or deny the exercise of the rights of affected individuals within the legally permissible framework. We may inform affected individuals about any prerequisites that may need to be met for the exercise of their data protection rights. For example, we may wholly or partially deny information by referring to trade secrets or the protection of other individuals. Similarly, we may also wholly or partially deny the deletion of personal data by referring to legal retention obligations.

We may exceptionally provide for costs for the exercise of rights. We will inform affected individuals in advance about any potential costs.

We are obligated to identify affected individuals who request information or assert other rights using appropriate measures. Affected individuals are required to cooperate.

Right to Complain
Affected individuals have the right to enforce their data protection claims through legal means or to file a complaint with a competent data protection supervisory authority.

The supervisory authority for data protection for private entities and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Affected individuals have – to the extent that the General Data Protection Regulation (GDPR) is applicable – the right to file a complaint with a competent European data protection supervisory authority.

We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.

Our digital communication is subject to — as is fundamentally the case with all digital communication — mass surveillance without cause or suspicion, as well as other forms of monitoring by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence over the corresponding processing of personal data by intelligence agencies, police departments, and other security authorities.

SSL Encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This ensures that the data you transmit via this website is not readable by third parties. You can recognize an encrypted connection by the 'https://' address line of your browser and by the lock symbol in the browser line.

Cookies
When accessing our website, cookies are used. Cookies are small text files that are stored on your computer when you visit this website and help us analyze how users use our website. Most of the cookies we use are deleted after the browser session ('session cookies'). Some cookies are permanently stored and allow us to recognize your next visit to our website. This enables us to continuously improve our website. You can deactivate cookies in your browser settings at any time, either completely or partially.

Server Log Files
The website provider automatically collects and stores information in server log files, which your browser automatically transmits to us. This includes:

• Visited page on our domain
• Date and time of the server request
• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• IP address
   

No merging of this data with other data sources takes place.

External Content: Fonts via FontShop
On this website, we use fonts and a web analytics service from FontShop / Monotype GmbH, Spichernstrasse 2, 10777 Berlin, Germany. Due to licensing terms, page-view tracking is carried out by counting the number of visits to the website for statistical purposes and transmitting them to FontShop / Monotype GmbH. FontShop / Monotype GmbH only collects anonymized data.
Privacy Policy of FontShop

Pixel Counters
We may use pixel counters on our website. Pixel counters are also known as web beacons. Pixel counters—also from third parties whose services we use—are small, usually invisible images that are automatically retrieved when visiting our website. Pixel counters can capture the same information as server log files.

Social Media
We are present on social media platforms and other online platforms to communicate with interested parties and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The respective General Terms and Conditions (GTC) and terms of use, as well as privacy policies and other provisions of the individual operators of such platforms, also apply. These provisions specifically inform about the rights of affected individuals directly vis-à-vis the respective platform, including, for example, the right to information.

Third-Party Services
We use services from specialized third parties to carry out our activities and operations in a permanent, user-friendly, secure, and reliable manner. With such services, we can, among other things, embed functions and content into our website. For technical reasons, the services used capture at least temporarily the Internet Protocol (IP) addresses of users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data to offer the respective service.

We specifically use:

• Our website uses features of the web analytics service Google Analytics. The provider of the web analytics service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
• Google Analytics uses 'Cookies.' These are small text files that your web browser stores on your device and enable an analysis of website usage. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. The server location is usually in the USA.
• The setting of Google Analytics cookies is based on Art. 6 para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in analyzing user behavior to optimize our web offering and, if necessary, our advertising.
• IP Anonymization
  We use Google Analytics in conjunction with the IP anonymization feature. It ensures that Google truncates your IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area (EEA) before transmitting it to the USA. There may be exceptional cases where Google transmits the full IP address to a server in the USA and truncates it there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide us with other services related to website and internet usage. There is no merging of the IP address transmitted by Google Analytics with other data from Google.
  Privacy Policy of Google

Digital Infrastructure
We use services from specialized third parties to be able to utilize the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

We specifically use:

METANET AG
Josefstrasse 218
CH-8005 Zürich
Privacy Policy

Contact Options
We use services from selected providers to better communicate with third parties, such as potential and existing customers.

Digital Audio and Video Content
We use services from specialized third parties to enable the direct playback of digital audio and video content, such as music or podcasts.

We can amend and supplement this Privacy Policy at any time. We will inform about such amendments and supplements in an appropriate manner, particularly by publishing the current Privacy Policy on our website.