Data protectionProtecting your privacy

The controllers for data processing may be – depending on the individual case:

Abacus Research AG
Abacus-Platz 1
9300 Wittenbach – St. Gallen
Schweiz
T +41 71 292 25 25
[email protected]

Abacus Research SA
Place de la Gare 2C – CP 104
2501 Biel
Schweiz
T +41 32 325 62 62
[email protected]

Abacus Business Solutions AG
Zürcherstrasse 59
8800 Thalwil
Schweiz
T +41 44 723 99 99
[email protected]

Abacus Services AG
Place de la Gare 2C – CP 104
2501 Biel
Schweiz
T +41 32 312 04 00
[email protected]

Abacus Umantis AG
Unterstrasse 11
9001 St. Gallen
Schweiz
T +41 71 224 01 01
[email protected]

Abacus Umantis GmbH
Erika-Mann-Strasse 53
80636 München
Deutschland
T +41800 225 014
[email protected]

Abacus Umantis GmbH - place of business in Freiburg
Engelbergstrasse 19
79106 Freiburg im Breisgau
Deutschland

We have appointed a data protection officer for these companies of the Abacus Group. For Abacus companies they can be reached at [email protected] and for Umantis companies they can be reached at [email protected] 

Insofar as Abacus processes personal data and the General Data Protection Regulation (“GDPR”) applies to this processing, we have appointed as our representative in the EU:

Abacus Business Solutions GmbH
Mies-van-der-Rohe-Straße 6
Tower 1 – 10. OG
80807 München
[email protected]

If you have any questions about data protection, you can contact us at any time.

Personal data is any information relating to the personal or material circumstances of an identified or identifiable natural person ("data"). This includes, for example, the name, address, telephone number, or email address. This term does not include anonymous data or information whose content does not indicate or suggest the identity or factual circumstances of an identifiable individual, such as the number of visitors to a website.

There are also so-called special categories of data ("sensitive data"). This includes data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data to uniquely identify you, health data, or data concerning your sex life or sexual orientation. We will only process such data - if at all - with your explicit consent, unless another legal basis makes such data processing necessary.

The content and information presented on our websites serve to provide you with general information about us as a company and about our Abacus Products and Services. While using our websites, it is also possible that data may be disclosed by you or collected by us for certain purposes. Furthermore, as a company, we process data that you disclose to us or transmit to us in other ways, for example by mail, email, telephone, during a business transaction, or personal contact.

Our data processing includes, for example, the collection, storage, transmission, deletion, and other processing of your data. Only data that is necessary and appropriate for the intended purpose will be processed. 

Our data processing is carried out for the purposes stated by us or for the purposes requested by you. Data processing outside of the intended purposes will only take place if we inform you accordingly and if a change of purpose is lawful. 

In the following, we inform you about the individual data processing, its purpose, and its legal basis for us as a company.

You can provide your contact information and interest in our products and services in a contact form, an inquiry, through a personal contact during an event or web demo, or contact us in other ways so that we or partners  or another company of the Abacus Group can contact you, inform you about Abacus Products and Services, conduct a web demo with you, or fulfill other offers. Furthermore, we store and process information that you select in lists and menus on our websites. When you send us an email, we save the content of the email as such, and the data that is generated when inquiries are sent to our email servers, such as sender and recipient IDs, time stamps and, if necessary, reasons for errors or rejections if the transmission of an email fails. If you wish to receive information material, you can also provide us with your email address so that we can send you the requested information by email with your consent.

We use your data ourselves or provide it to the relevant companies. This is done within the framework of data protection and competition law requirements.

We process your data based on legitimate interests. Processing is done both in your interest - you have contacted us - and in ours, to establish the satisfaction of all inquirers, if necessary to fulfil a contract with you, or to carry out pre-contractual measures. We will only process your data for the purpose of contacting you.

Your data may be stored in our Abacus CRM system and in other technical systems. When using website forms, your data will be transmitted in encrypted form according to the current state of the art. You provide us with your data voluntarily, and only as much data as necessary is requested (mandatory data are marked with *). All other information is optional.

Transfer of data to selected partners or a company belonging to the Abacus Group
If we determine that we can only answer your enquiry satisfactorily with the support of another company in the Abacus Group or a selected partner, we may share your data based on legitimate interests or, if necessary, we will obtain your consent to share your data. Consent is given voluntarily and can be revoked at any time for the future.

As for how and which data is processed when using a mobile Abacus application, please refer to our privacy policy for mobile applications.

You can find out about current vacancies and apply for them on our websites with job vacancies and our company profiles on LinkedIn and Xing as well as on various job portals. The privacy policy for our job portal also applies here, which can be viewed at jobs.abacus.ch/datenschutz-jobportal.

Other data processing in the context of your application
If you provide references as part of the application process, we will assume that, where the data relates to an individual, you have obtained their consent for us to contact them and you consent to us obtaining the reference from that individual. If we ask for a reference, we will only contact them with your consent. Consent is given voluntarily and can be revoked at any time for the future.

To get a better picture of your professional history, we may visit your professional profiles on LinkedIn and Xing. We process this publicly available job-related data about you in our interest to find out whether you fit the advertised position and our company. If you do not want this, you can let us know. We do not look at or process data from social networks or other websites that do not have a company or employment-oriented context.

Quality of your data in an application
The data you provide should be accurate, complete, not misleading and up-to-date. Failure to do so may result in your application not being considered or appropriate legal consequences being drawn after you have already been recruited.

Storage period of your application
If the application procedure does not lead to a position being filled, your application will be deleted at the latest four months after completion of the application procedure, unless the data is needed to defend legal claims asserted against us from the application procedure (this is done on the basis of our legitimate interests), unless a different period is provided for by law or you have expressly consented to further processing of your data. If your application leads to employment, all data required for this will be processed within the framework of your employment relationship in accordance with the statutory provisions.

As part of our web presence or when using our support, it is possible that you may use online services that require you to log in or register.

This applies in particular to our PartnerPortal, the Brand-Portal, and Education Hub on our websites, but also the execution of a web demo (online presentation) which provides you with a better picture of Abacus products and services, remote access in a support case, registration for events, making an appointment or the use of certain Abacus products and services.

When registering or logging in to such services, you are required to enter and transmit to us a certain amount of data resulting from the relevant form or our queries. When using such a form, your data will be transmitted in encrypted form according to the current state of the art. You provide us with your data voluntarily, and only as much data as necessary is requested (mandatory data are marked with *). All other information is optional. In some cases, you must register for certain areas and use login data with a password or another authentication procedure. Abacus is free to choose such authentication procedures. The data to be provided results directly from the specific procedure used. You are under obligation to choose strong passwords. You are responsible for the security of your access data and must not pass them on to unauthorised third parties.

The processing of your data within the scope of such login and registration requirements is carried out with your consent when registering or logging in, based on our legitimate interest in providing you with the information necessary to use our products and services satisfactorily, in order to be able to contact us and for the proper processing of an existing contractual relationship.

Log into our Portals
If you are an authorised user of our portals, you can be given access to these portals. This requires you to provide your e-mail address, your first and last name and the company for which you work. To log in to these portals, use the authentication options provided for this purpose and the login data required for this purpose.

After successfully logging in, you have the option of using the services (some of which are subject to a fee) on these portals. In the Brand-Portal, for example, you can place documents with your company logo in a shopping basket and then download them. A cookie is used for the duration of this session, which enables your logo to be displayed in the documents. Embedded YouTube videos can also be viewed within the framework of YouTube's "nocookies" settings. You can find more information on this under "YouTube videos".

You can subscribe to Abacus mailing lists on specific topics in the PartnerPortal. By saving your registration to a mailing list, you give your consent to receive (personalised) information on the relevant topics by e-mail. You can unsubscribe from mailing lists at any time by making a new selection and saving it. You will then be removed from previous mailing lists.

In the Education Hub you will find all the updated course materials currently available. This includes documents, videos and sample clients. This content is continuously updated and supplemented. Within the Education Hub, it is possible to determine who has logged in, which (paid) training videos are used and how long the respective user remains on a training video. Subsequently, we can inform third parties, such as our partners, whether and how our offer is being used or how it should be used.

Your authorisation to use these portals ends when you leave the company from which you received authorisation. Your access data will be disabled by the company you were working for once your access authorisation has lapsed, if necessary, with the assistance of Abacus Support. This also means that you will be deleted from registered mailing lists.

Register for a webinar via Zoom Events or Microsoft Booking
On some of our websites you can schedule an appointment with us on certain topics. To do this, select the topic that interests you from a variety of options and specify a date. To set up the appointment, the form asks for your email address, your name, and the location of the meeting. Your company name and whether you are interested in other topics are optional. Before you complete the appointment, you can check and adjust your data again.

We need this data to be able to plan and conduct the meeting with you. We use Zoom Events from Zoom Video Communications, Inc (Zoom), 55 Almaden Blvd, Suite 600, 95113 San Jose, California/USA, and Microsoft Bookings from Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, to register for and conduct the webinar.

Zoom and Microsoft Corporation as the parent company of Microsoft Ireland Operations Ltd. also process data in the USA, so there is a possibility that data could also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

Here you will find the current Privacy Policy:

https://explore.zoom.us/en/privacy/

https://www.microsoft.com/de-de/privacy/privacystatement

Registration on AbaSky (Abacus subscriptions)
If you are an authorised user of AbaSky as a sales partner or installation operator, an account will be created for you at AbaSky so that Abacus subscriptions can be activated for you or your customers. This requires you to provide your e-mail address, your first and last name, the company for which you work, and an authenticator chosen by Abacus are required.

A login to AbaSky takes place with your consent when registering for it and for the proper processing of an existing contractual relationship regarding the activation of Abacus subscriptions.

AbaSky stores your contact details as an Abacus partner or installation operator and your data and that of your customers, such as name, e-mail address, telephone number and (billing) address, as well as any data of your employees if you enter them. The activated Abacus subscriptions are stored and how the collection for these is handled. AbaSky is only the platform for managing the activated Abacus subscriptions.

The data processed via the Abacus subscriptions is generally processed directly by you in your Abacus software or by the installation operator and only in certain cases by Abacus Research AG for prior processing of information. Details can be found in the Privacy Policy for Mobile Applications of Abacus Research AG.

If you, as the installation operator, have purchased Abacus subscriptions for your customers, they can access and use the Abacus software by means of a link sent by you to your customers or by means of the purchased Access ID after registering with you. You are required to maintain data protection in the context of your data processing when using AbaSky if you register the customers and their employees there. You also have the option of changing or deleting the data collected there. We recommend that you only collect necessary data and as little as possible and that you anonymise or pseudonymise the data in advance. Once the use of an Abacus subscription has ended, the corresponding data will be deleted in AbaSky in compliance with existing retention and documentation obligations.

The data hosted in the cloud solution in connection with the purchase of an Abacus terminal when using AbaClock and AbaPoint as well as other Abacus mobile applications are described in the Privacy Policy for Mobile Applications.

Your authorisation to use AbaSky ends when you leave the company from which you received an authorisation. Your access data will be disabled by the company you worked for after your authorisation has ceased, if necessary, with the assistance of the Abacus partner or Abacus Support.

We use various DeepServices from DeepCloud AG, Abacus-Platz 1, 9300 Wittenbach for our business operations. We use both tools with and without AI. These can be various DeepServices, such as digital signature solutions, translation solutions, etc.

We use DeepServices on the basis of our legitimate interests in efficiently designing and offering our services and business processes.

Further information on how DeepCloud AG processes data when using DeepServices can be found in their privacy policy at https://www.deepcloud.swiss/datenschutz/ .

We also use AI tools in our work that do not necessarily process personal data but fulfil technical security requirements such as virus checks or protection against bots. 

When we use AI tools, we pay attention to their legally compliant use and want to ensure the necessary transparency in their use. Where content is created using AI (such as images or text), this is labelled. If an AI tool supports us in our work, we use it in accordance with existing regulations and our values. As a rule, they fulfil narrowly defined procedural tasks, improve our previously performed activities or only carry out a preparatory task. 

We examine their use and possible negative consequences for those affected. We do not use AI tools that make decisions for us, significantly influence the results of a decision and could have a significant impact on people. We ensure that preparatory decisions on results made by them are always reviewed by a human. If an AI tool used by us is in direct dialogue with humans, we will inform you of this by means of a notice. We are and remain responsible, even if we use AI tools to support us.

AI tools used at Abacus

We use various AI tools by external providers, such as chatbots or translation tools, to make them available to our employees for exclusively internal use. Among other things, we use AI-supported tools by our subsidiary DeepCloud AG (e.g. for translation or document recognition).

What data processing takes place when using AI tools?

When employees use AI tools, no personal data should be entered into these AI tools. However, data processing is possible when using the AI tool, e.g. when logging in to the AI tool (such as name and e-mail address). 

With AbaGPT (AI tool with chat function for answering questions on Abacus-related topics), user inputs and outputs can be saved as a history according to the user's individual settings.

By whom is data processed?

Data from employees of the Abacus Group, as well as from persons whose data is contained in the outputs of the AI tool (such as authors of knowledge base articles), can be processed.

What data is processed?

In order to use the AI tool, the user's name and email address are saved after logging in and selecting the corresponding setting in the AI tool.

To which recipients is data transmitted?

Abacus uses external service providers to provide its AI tools. These are AI providers, hosting and service providers. They only process data for the purposes described by Abacus and are contractually bound to comply with the data protection obligations under the relevant data protection laws. 

How long is data stored?

With AbaGPT, inputs and outputs are only processed temporarily and are not stored permanently if the user sets this up. Otherwise, the inputs and outputs are saved as a history. Other AI tools may have different settings.

What is the purpose of the data processing?

AI tools should support employees in their daily work.

What are the legal bases/justification for data processing?

AI tools are utilised with the user's consent. 

You can obtain publicly accessible information about our products and services from our website. In some cases, it is also possible to make use of an Abacus Help Centre, for example for AbaClock, AbaClik, Abacus subscriptions or test environments offered, to obtain general information and, if you are an authorised user of an Abacus Cloud account, to write articles and make public comments. You will need to enter your name and e-mail address, and a profile picture and your telephone number are optional. To register for the Abacus Cloud Account, you must provide your first and last name, an e-mail address and a password (at least 8 characters, 1 number, 2 lower case letters and 1 upper case letter). You will need your username and password to log in. Alternatively, you can also log in via other accounts such as your Microsoft or Google account. Their data protection provisions apply.

Once you have successfully logged in, you can use the services available in the Help Centre. You can write and delete your own posts and comments, follow or unfollow other posts, members or comments. The Help Centres contain descriptions of how you can use which functions.

Contributions and comments are published with your specified username, whereby you can use a pseudonym. If you leave a comment, this comment and your IP address will be saved. This is necessary so that we can defend ourselves against liability claims if users publish unlawful content. We need your name and e-mail address in order to contact you, also in the event that your contribution or comment is objected to as unlawful. We do this on the basis of our legitimate interests and in order to fulfil existing legal obligations. Contributions and comments are not checked before publication. However, we reserve the right to delete them if they could be objected to as unlawful or if we have a legitimate interest in deleting them.

If you follow a post, member or comment, you will be informed when there are further comments or posts. We use the e-mail address you have entered in your profile for this purpose. You can unsubscribe from the notifications at any time by clicking on the link contained in the e-mail or by unsubscribing in your account.

Your use of the Abacus Cloud Account ends when you inform us that you are no longer interested in further use or we have a legitimate interest in terminating your use. This also means that you will be deleted from registered notification lists. In such a case, we will delete your access authorisation and your data, unless there are storage or documentation obligations to the contrary or further processing is justified, about which we will inform you.

We use Zendesk, 1019 Market St, San Francisco CA 94103 (hereinafter "Zendesk") for various support services such as our help centre, live chat tools, website tickets and the knowledge base. This is a service provider commissioned by us, to whom your data will be passed on for the purposes described above. It has been carefully selected and commissioned by us, is bound by our instructions and is regularly monitored. The data required for the support service is transmitted to Zendesk. This data is also processed outside Switzerland; at present, data processing takes place in the EU, which offers an appropriate level of data protection for Switzerland. We would like to point out that it is up to you which data you enter in the posts or comments in the Help Centre or in other support services.

Here you will find the current Zendesk Privacy Policy: https://www.zendesk.de/company/agreements-and-terms/privacy-notice/

Zendesk is an US-American company, so there is the possibility that data might also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

Registration and participation in an event

You can register for an event such as a course, workshop, forum, webinar, seminar, consultation, (online) event, training, or trade fair ("Event") on our website. You can send your registration for an Event in writing by post or e-mail to the contact address given in each case or book participation in the event directly on our websites on the Internet or by telephone. The data provided by you will be stored by us and processed for the planning and implementation of the Event as well as for the follow-up support of the participants and, if necessary, passed on to our commissioned service providers. If you take part in an (online) event, a webinar or a survey, certain data such as your email address, name or the company you work for are required for the implementation of the (online) Event, the evaluation of the survey or an audit. In some cases, a survey is also conducted anonymously. Commissioned service providers are used precisely for the implementation of such events. They are carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. We are happy to provide information about our commissioned service providers upon request.

As part of an event, for example when taking part in a course, you can receive a link for login and password-protected access to a learning environment (e.g. a sample client) for practical practice of the course content and for a final examination of the course content. You are obliged to choose a strong password and to treat your login details confidentially and not to pass them on. This access is available to you during the course and for the practical examination.

Data made available in the learning environment are fictitious data. They are also required to process fictitious data in the learning environment. The participants themselves is responsible for the data processing carried out there. We also have full access to the learning environment to provide you with support and to analyse the results after a practical test. After this evaluation all data in the learning environment will be deleted and all access rights revoked. You will receive a certificate after successfully passing the exam.

Before the examination, you will be informed about how the examination is conducted, assessed and the respective weighting of the examination parts. A contracted service provider shall be commissioned to administer the theoretical examination. The link for this test will be sent to you by email. You will then need to register for the theory test using your email address and the name of the company you work for. After the theoretical examination, we receive the assessment, and we can evaluate it together with the results of the practical examination. You will receive the result of the examination by e-mail. Each participant receives a course confirmation and a certificate by post if they successfully pass the examination.

For some events (such as Abacus certification) it is necessary to conduct a survey of your customers to validate the requirements (e.g. customer projects). In such a case, they ensure that we can fulfil the necessary requirements, such as a customer survey. This is usually done by us asking your customer by telephone or by sending a questionnaire by e-mail.

We reserve the right to publish you, e.g. with a certificate, stating your name, company and, if applicable, photo and company logo (e.g. website, flyer, reports in the organiser's customer magazine (e.g. Pages), in company appearances in social media, in the partner portal, etc.). We reserve the right to delete these publications at any time without giving reasons.
Data processing due to legal requirements in the context of epidemics/pandemics
If necessary, we can keep attendance lists of the people involved at events so that chains of infection can be traced. It records the name, telephone number and - if available - the seat number (for rows of seats). The corresponding list is kept for 14 days and then deleted. If required, it can be made available to the authorities so that they can carry out contact tracing. We provide information about how we handle attendance lists before an event.
Registration for an event via Evenito
You can register for events organised by us on our website. Some of these are free of charge, but some are subject to a fee. These events are subject to our "General Terms and Conditions for Events and Portals", which you accept when registering for the event.

The following data may be transmitted to us by you: Title, name, e-mail address, mobile phone number, your function, name and contact details of the company you work for, the sector and the number of employees. You can also specify your Abacus partner. You have the possibility to subscribe to our newsletter. You can cancel your subscription to the newsletter at any time. Details can be found in the "Newsletter" section.

We use your data so that you can take part in our event and we can stay in contact with you. We use evenito AG, Binzstrasse 23, 8045 Zurich, for the planning and implementation of the organisation of such an event (including the sending of invitations to (future) events and the sending of confirmations of participation). This is a service provider commissioned by us who receives your data to the extent necessary to fulfil the purposes described above. It has been carefully selected and commissioned by us, is bound by our instructions and is regularly monitored. It also uses providers abroad for its services and has ensured through suitable guarantees that there is an appropriate level of data protection for your data. Here you will find the current evenito Privacy Policy: https://evenito.com/de/datenschutz/
Participation in a competition at an event
If you take part in a competition, we will collect your contact details (e.g. name, address, email address when you fill in a form) so that we can identify and notify you as the winner. We use your data within the scope of the sweepstakes based on your consent to participate in the sweepstakes. You can revoke this at any time with effect for the future. You can find more information on a possible revocation under "Your rights".
Video and photo recordings during participation in an event
We reserve the right to take photos and videos during an event in which you may also be featured. These photos and videos are used exclusively for our own purposes (e.g. use within a lecture or training series, webinars, online events, for company websites, flyers, reports in our customer magazine (e.g. Pages) or by newsletter, for company appearances in social media, in the PartnerPortal, information to participants by e-mail, etc.) in order to report on or document the event. If you are shown as part of a larger group of people or are merely an "accessory" to a building or location where you are not the focus of the shots, we may take these photos and videos based on our legitimate interests for the purposes described above. You can object to their use at any time. If you are portrayed as an individual or are the focus of recordings, we will obtain your consent for such a recording on site during the event. You then have a right of withdrawal in relation to your consent.

If photos and videos (sound and image) are taken of you, e.g. for testimonials, for giving presentations or training, for your support in improving or developing our Products or Services, this will only be done with your consent. You can also revoke this consent at any time. Details can be found in the specific declaration of consent.

At some of our events, you can use a photo box. Photos of you will be taken with your consent. You use the shutter release and can then print the photo directly. Some photo boxes also allow the photo to be sent by SMS and/or e-mail. To do this, enter your mobile number or email address. We use this information during or after an event to send you the photos and, depending on your consent, to contact you personally so that you can get to know our products and services better. Advertising is carried out within the framework of the existing legal requirements.

There is also the possibility that, with your consent, the photos will be displayed on our social media channels so that we can report on the event and its participants.

We use commissioned service providers, preferably in Switzerland and the EU, to offer a photo box and display photos on social media channels. They will only receive your data for the purposes described. They are carefully selected by us, are bound by our instructions and are monitored accordingly. If they process data abroad or also use providers abroad for their services, suitable guarantees will ensure that there is an appropriate level of data protection for your data. On request, we are happy to provide information about our commissioned service providers and the locations of data processing.

Your information will be stored and processed in accordance with the information provided and the intended purpose. As soon as the purpose of the data processing has been fulfilled, your data will be deleted promptly.

Examinations for Campus courses
For our campus courses, it may be necessary to take an examination in order to successfully complete the course and receive a certificate. It consists of a theoretical and practical part, whereby the Easy LMS tool from Easy LMS B.V., Oude Delft 48, 2611CD Delft, The Netherlands is used for the theoretical examination. The participant will receive a link by e-mail for verification. They then log in to Easy LMS with their e-mail address and the name of the company they works for. The participant's business e-mail address will be processed. This data processing is done so that we can offer our courses and guarantee a uniform standard through the theoretical examination. Participants register for the course and therefore consent to the associated data processing.

Here you will find the current Easy LMS Policy: https://www.easy-lms.com/de/uber-uns/datenschutzerklaerung/item39
Online events
More and more events are being organised as purely online events. These can be training courses or information events but can also have other content. Registration for the event is required, for which you will be sent an e-mail with a participant link to join the online event. There will be live presentations, video screenings and an active exchange of information between the organiser and the participants.

It is possible that we record the online event with sound and video and that participants can be heard and/or seen. These recordings are used exclusively for our own purposes (e.g. use within a lecture or training series, webinars, online events, for company websites, flyers, reports in the customer magazine, for company appearances in social media, in the partner portal, newsletters, information to participants by e-mail) in order to report on the online event, to document it or to show it again.

When participating in such an event, participants are set to "mute", also, it is not necessary for the participant to activate their camera to send pictures of themselves. Sound and/or video activation is only carried out by the participant after their approval. By agreeing to this, the user gives their consent for sound and image recordings to be made of them if the online event is recorded. No sound or images are edited out afterwards. If the participant does not want to be recorded, they should not activate their audio and video functions throughout the online event. It will still be possible to send questions to the moderator(s) via the chat function. These will be answered by the moderator(s) as far as possible during the online event or in person via the chat function.

We use evenito AG, Limmatquai 122, 8001 Zurich, Switzerland, to plan and implement the organisation of such online events (including the sending of invitations to (future) events, the sending of participation confirmations, the analysis of the online event or related surveys). This is a service provider commissioned by us who receives your data for the purposes described above. They have been carefully selected and commissioned by us, is bound by our instructions and is regularly monitored. They also uses a provider abroad to organise such an online event.

Data may be transmitted to Kaltura, Inc., 250 Park Avenue South, 10th Floor, New York, New York 10003. 

Here you will find the current Kaltura Privacy Policy: https://corp.kaltura.com/legal/privacy/privacy-policy/

Furthermore, we ourselves use contracted service providers for the planning and realisation of such online events, who may receive data for the purposes described above. They have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. We use software solutions from Zoom Video Communications (Zoom), Inc, 55 Almaden Blvd, Suite 600, 95113 San Jose, California/USA and Slack Technologies, Inc (Slack), 500 Howard Street, San 94105 Francisco, California/USA.

These companies process data in the USA so there is the possibility that data might also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

Here you will find Zoom's current privacy policy:

https://explore.zoom.us/de/privacy/

Company Feed and Company News are part of MyAbacus of the Abacus installation. Company News allows the company to communicate with its employees, whereas Company Feed lets employees communicate with one another via open or closed channels, at their option. “My Feed” lets you view, like, store, comment on, create, edit and delete contributions in Company Feed. Users can use the Mobile App to manage their channels and to favorite people in Company Feed. In the "News" tab, you can view, like and store contributions from Company News.

Contributions appear under the author’s name and photo. The user and the Administrators at the Abacus licensee that create the content in Company Feed and Company News decide whether to include further personal data in such content and, if so, which data. Under "Privacy" in the user’s profile, it is possible to select whether other employees are permitted to read and/or comment on one’s own contributions.

Contributions can also be supplemented by photos and videos. To do so, a connection to a DeepBox of the Abacus licensee at DeepCloud AG is required, where the videos can be cached for simplified display. In such cases, the privacy policy of the third-party provider shall be applicable.

For Company News articles, the company can analyse how many users/employees have opened an article. It is also possible to analyse which people have opened an article. When publishing the article, you can select that a read confirmation should be sent. This serves to ensure that all employees have read a particular article. There is a subdivision according to the read status "Open" and "Received". This function also allows the company to send a reminder email to employees who have not yet read an article ("Open" status) directly from the analysis of read confirmations. This is in line with the company's legitimate interest in ensuring that its employees have read the messages communicated and are sufficiently informed. The respective company is responsible for using this function and informing employees about it. The names and functions of employees are displayed. The reminder emails are sent with the recipients as a blind copy so that the persons concerned cannot be identified by others.

AbaSquare is an internal communications platform for businesses that is seamlessly integrated into the MyAbacus employee portal. It enables access to Company Feed and Company News via mobile terminal devices.

Please refer to our Privacy Policy for Mobile Applications to find out how and what data is processed when using an Abacus mobile application.

To ensure that our employees have up-to-date knowledge and awareness in dealing with risks such as phishing, they regularly complete online training courses. In addition, phishing tests are sent by e-mail to check correct handling. This enables weak points within our company to be recognised and rectified.

We use the MetaCompliance training tool from MetaCompliance Ltd, (Company No. NI049166), Third Floor Old City Factory 100 Patrick Street, Londonderry BT48 7ELF. MetaCompliance Ltd. is a company based in Northern Ireland, UK. The United Kingdom is a country with an adequate level of data protection according to Annex 1 GDPR (General Data Protection Regulation). For details on how MetaCompliance processes data, please refer to their privacy policy: https://www.metacompliance.com/de/company/privacy-policy

The data is processed in data centres in the EU, in the Netherlands and Ireland.

Conducting tests and training in the area of phishing and cyber awareness is in our legitimate interest in maintaining cyber security in our company and protecting our employees and our company from attacks

We use the time2learn service from Swiss Learning Hub AG, Maneggstrasse 17, 8041 Zurich, to optimise the planning of our apprentices' training and ensure their learning progress. We also use it to plan assignments and monitor learning in the apprenticing organisation.

For more information on how time2learn processes data, please refer to their privacy policy: https://time2learn.ch/de/datenschutzerklaerung/ (only in French and German) and their data protection information sheet: https://time2learn.ch/wp-content/uploads/Merkblatt_Datenschutz_de.pdf (German)

All data is stored in Swiss data centres.

As an apprenticing company, we are required by law to plan training and assignments and to document the learning progress of our apprentices. It is also in our legitimate interest to support our apprentices in as structured a manner as possible.

We have our services, such as our software, mobile applications, presentations and websites, translated so that we can offer them in different languages. We have some of these translations done externally. For this purpose, we use the services of Hieronymus AG, Place de la Gare 15, CH-1700 Fribourg. All data is hosted by Azure Switzerland.

We use the Trados tool from RWS Holdings Limited, Europa House, Chiltern Park, Chiltern Hill, Chalfont St Peter, SL9 9FG UK for internal translations. This solution is stored locally at Abacus in Switzerland.

We also use AI tools for translations. For more details, please refer to the relevant section of this privacy policy.

The performance of internal translations and the use of external expertise is in our legitimate interest in improving our products and services.

If you wish to place an order in our Abacus Shop, we require certain data to process your order in order to conclude the contract. In order to allocate your order to the Abacus products you are using, it is necessary for you to register as a customer in the Abacus Shop. Select login data (any username and password) for the account and fill in the marked fields correctly (name, address, e-mail address). This mandatory information is marked with an asterisk* , further information is optional. For some products it is necessary for you to enter an Abacus ID when ordering so that we can allocate your order. We process the data you provide to process your order and on the basis of our legitimate interests in a successful customer relationship.

The data in your account will also be saved for future purchases or we will only register you as a guest for an order. You can edit the data under "My account" yourself and delete all data, including your user account, by contacting [email protected] .

In this context, we reserve the right to use your e-mail address for direct advertising or for the transmission of technical information for similar products that you have already purchased if you have not objected to this use. After considering our interests, these e-mails serve our legitimate interests in providing promotional information to our existing customers. The prerequisite is that we will clearly inform you when collecting the e-mail address and each time it is used that you can object to its use at any time.

Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for the legally prescribed period. To prevent unauthorised access to your personal data by third parties, the order process is transmitted in encrypted form.

With your consent, we will publish personal recommendations from you or references via photos, videos or written statements as a satisfied customer or how to use our products and services on our websites and in other places (such as in newsletters or our customer magazine Pages). In some cases, we also use your company logo. This is done after you have given your consent. You can revoke your consent to this; details can be found in the specific declaration of consent.

Abacus offers interested parties the opportunity to exchange ideas with reference customers. These reference customers take part in our reference customer program and receive the data of interested parties for contact and exchange. Interested parties’ consent to their contact details being passed on to a reference customer for reference information on a specific Abacus application. This data is used exclusively as part of the reference customer program. The reference customers have undertaken to comply with the relevant data protection laws.

Abacus offers selected key account customers the opportunity to join the key account customer program. These key account customers take part in our key account customer program and receive the agreed benefits. This data is used exclusively as part of the key account customer program.

We integrate the maps of the "Google Maps" service (a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, "Google"). This allows us to show you an interactive map directly on the website so that you can use the map function conveniently. Simply by visiting the website with the Google Map, Google receives information from your IP address that the corresponding subpage has been accessed. Other access data and log files are also transmitted. Data processing takes place regardless of whether you have a user account and are logged in to it. If you are logged in, your data will be directly assigned to your user account. We recommend that you log out regularly after using such a platform, as this allows you to avoid being assigned to your profile.

Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customised website design. Such an analysis is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the network about the activities of users. You have the right to object to the creation of these user profiles, whereby you must contact Google directly to exercise this right.

As a user of Google Maps, you are bound by the Additional Terms of Use for Google Maps/Google Earth, including Google's Privacy Policy [https://policies.google.com/?hl=de ]. These documents provide you with further information on the purpose and scope of data collection and processing by Google by clicking on the map section. It also contains further information about your rights and the settings options for protecting your privacy vis-à-vis Google.

Google LLC. as the parent company of Google is a US-American company, so there is the possibility that data might also be processed in the USA Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.
Display in Google Maps as a provider of AbaWeb applications
If you would like to be found as a provider of AbaWeb applications, you can provide your company's contact details after giving your consent. This information is then displayed on a Google map within our website. This is done after you have given your consent in the corresponding registration form. Using a search function, the company and the corresponding contact details can be found and displayed on the map. As part of the registration form for this publication, you can give your consent by ticking a box and revoke it by unchecking the box if you no longer wish the company to be shown on the map. This can be done at any time.

Otherwise, Google's terms and conditions for the use of Google Maps apply.

We may conduct surveys on certain topics (e.g. to improve and expand our Products and Services). Your opinion is very important. A survey will help us determine customer satisfaction of current solutions and the needs of our customers. This is in our interest as well as yours when using our Products and Services. To do this, we send selected people an invitation email with the link to the survey, whereby we receive your name and email address as part of our contractual relationship with the company for which you work. Participation in a survey is always voluntary and only takes place with your consent. By closing the browser, it is possible to terminate the survey at any time without any adverse consequences for you. We store and analyse the results of the survey based on legitimate interests to improve our Products and Services. We may also share the results of surveys with our Abacus partners, other business partners or prospects, but no personal information will be disclosed.

As part of a survey, you also provide us with data such as your name, email address or the company you work for, as well as data resulting from the survey that you can provide (in a free text) within the survey.

To conduct a survey, we primarily use MS Forms de Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, whereby the server solution is hosted in Switzerland, as well as Zoom Surveys de Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 9511. This is a US-American company, so there is the possibility that data might also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission. 

Please refer to the data protection declarations of these companies to find out how they process data:
MS Forms: https://privacy.microsoft.com/de-de/privacystatement
Zoom Surveys: https://explore.zoom.us/en/privacy/

After a survey, it is sometimes possible for us to draw conclusions about you as a participant in the survey or as the recipient of the e-mail with the survey link due to the low number of participants. Once we have received the results of the survey, we store them, analyse them and use them to improve our products and services. We do not pass on these results or your data to any other third parties unless we are obliged to do so by law or legal regulations.

When visiting the survey website, which is encrypted according to the current state of the art, only functional cookies are used, which only process data that is necessary for the use of the website, the survey and its evaluation. No other analysis tools are used on the survey website. In the case of an anonymous survey, it is generally not possible to establish a link between you and the use of the survey website.

As part of its Abacus software, Abacus offers the option of connecting the customer's own software solutions or those of a third-party provider within the customer's Abacus software via an interface. Abacus collects and stores data collected as part of this process in order to check and approve any connection. For this purpose, the customer's respective contact person with their contact details (such as name, e-mail address, telephone), licence information and other data relevant for a connection (such as access types, the Abacus applications and clients to be connected) are recorded and stored. There is a 10-day test phase for the desired connection. The contact person can be contacted by Abacus for clarification as part of the approval process. Once the review has been completed, a decision will be made on any approval. Abacus processes this data on the basis of legitimate interests to check any interface release and during its use.

You have the option of using an Office add-in for the Abacus software. This allows you to save documents from Microsoft Office directly to the desired folder in your Abacus software.

Which diagnostic data is transmitted to Abacus Research AG when using the Office Add-Ins?

Diagnostic data (usage data and crash logs) is collected so that faults when using the Office Add-Ins can be optimally rectified. Diagnostic data does not contain any user-specific data and is transmitted to Abacus Research AG via Sentry.

To find out how Sentry handles such information, see its privacy policy.

Usage data

The usage data contains anonymous data, including information on how the Office Add-Ins are used and with which device types.

Crash Logs

Crash logs contain detailed logs to improve the performance and stability of the Office Add-Ins.

How long is the Diagnostic saved?

Diagnostic data is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

Diagnostic data is intended to enable secure use of the Office Add-Ins and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information based on our legitimate interests in enabling secure and trouble-free use of the Office Add-Ins.

Within the framework of existing contractual relationships, you have the option of contacting Abacus Support with support questions. You can contact us in various ways, for example by telephone, e-mail or via the Customer Portal. The data processed is used to answer your support enquiry and is processed within the framework of contractual relationships. If no solution can be found, another option is to transmit data to us by means of a so-called K-Save or to make an appointment for remote maintenance.

After making an appointment (by e-mail or telephone), you can download the required software (e.g. TeamViewer) and log in to the support session with the access data provided to you - after sufficient authentication - for the respective session. You are responsible for the security of your access data and must not pass them on to unauthorised third parties. We will inform you if a recording of the session or a print screen appears necessary and, if necessary, obtain your consent for this. You can refuse this consent directly or revoke it at any time. There will be no audio recordings. We use TeamViewer from TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. If we have a support case with TeamViewer, TeamViewer Germany GmbH can also access our system. There is a possibility that data can be viewed by you. TeamViewer Germany GmbH is a service provider commissioned by us who is authorised to access your data for the purposes described above. They have been carefully selected and commissioned by us, is bound by our instructions and is regularly monitored. The data may also be processed outside Switzerland; TeamViewer Germany GmbH has contractually undertaken to offer an appropriate level of data protection for Switzerland by means of corresponding regulations.

Registration by e-mail address is required to use the Customer Portal. Depending on the settings, the tickets entered in the customer portal can contain various contents, including those with personal data (name of contact person, ticket processor, e-mail address, content data). When entering comments on a ticket, the last name of the person entering the comments is displayed and they are notified by e-mail about new comments in their ticket. We use a contracted service provider for the customer portal, who may receive the data for the purposes described above. The contracted service provider has been carefully selected and commissioned by us, is bound by our instructions and is subject to regular review.

The data processing that takes place during support is carried out with your consent when you register for a support session or use the respective support tools, based on our legitimate interests in providing our customers with the desired support and for the proper processing of contractual relationships.

We will delete your data in this regard if storage is no longer necessary, the purpose of the processing has been fulfilled, you have withdrawn your consent or you have objected to the processing, unless there are storage or documentation obligations to the contrary or further processing is justified, about which we will inform you.

If you want to test Abacus products, there are various test environments available to you. All we need is information about the interested company and the contact details of the employee responsible for opening a test environment. Within the test environment, no real data is to be used, only test data, so that no data processing is carried out by us inside of a test environment.

We use the services of contracted service providers in Switzerland, which we use for the purpose of designing and operating our website or Abacus Shop, who receive your data for the purposes described above. These have been carefully selected and commissioned by us, they are bound by our instructions and are regularly monitored. If data is also processed outside Switzerland, it is contractually ensured that a level of data protection appropriate for Switzerland is established, either through existing guarantees or through corresponding regulations. We are happy to provide information about our commissioned service providers upon request.

Through this data processing, contact data, content data, usage data, meta data, and communication data are processed by us or our service providers on our behalf when you use our website or Abacus shops. This is done based on our legitimate interests in the efficient and secure provision of our website and Abacus shops, to protect against misuse and other unauthorised use, on the basis of a service requested by you or a contract to be concluded with you following an order by you or, in certain cases, following your consent.

In the area of e-commerce, we work with Glarotech GmbH, Toggenburgerstrasse 156, 9500 Wil SG, Switzerland as an external service provider for the provision of Abacus shops. How Glarotech processes your data and to which recipients this data is transmitted can be found in their privacy policy.

Here you will find the current Glarotech Privacy Policy: https://www.glarotech.ch/datenschutzerklaerung/

Access data and server log files are collected by us or our service provider about every access to the server on which a service used by us is located (called server log files). These include:

• The domain visited and the files accessed.
• The IP address of the end device used.
• Date, time, and duration of the visit.
• Website from which the access was made
• Operating system of the end device used.
• The browser used for access as well as all information from the 'user-agent', which the browser transmits to the server
• Extent of the transmitted data volume.

We use this information for the following legitimate interests:

• To display our website.
• To guarantee the stability and security of our website.
• For statistical evaluations of our websites.
• To improve our website.
• For clarification purposes in support cases.
• To analyze technical problems.
• To clarify safety issues.
• In suspected cases of illegal use (such as to clarify acts of abuse or fraud).

This information is stored for a maximum of 90 days and then deleted, unless its retention beyond this period is necessary for evidential purposes, such as for use as evidence before authorities or courts for unlawful use of our website. We will then exempt them from deletion until the respective incident has been finally clarified and may keep them until a legally binding decision or judgement has been reached.

As a matter of principle, the above-mentioned data will not be passed on to third parties, unless it is necessary for the pursuit of our claims, for the fulfilment of the intended purposes, after your consent or there is a legal obligation to do so.

This information is stored in such a way that, as a rule, it cannot be assigned to any specific person by us, except if you register for a special offer on the website.

Here we would like to inform you which cookies or other technical means such as web beacons, pixels, other tracking technologies (hereinafter "cookies") are used when using our website. Cookies are small text files that are stored on your terminal device. They do not cause any damage to your end device and do not contain viruses. The data obtained in this way may subsequently be evaluated by us or third parties and merged with other data. As a rule, they serve to make the entire internet offer more user-friendly and more effective, which is in both your and our interest.

For some cookies that are not essential for technical storage or access to our website, or that are not used only to enable the use of a service you have explicitly requested, we will ask for your consent by means of a so-called cookie consent banner.

Our websites may use cookies from us or third parties to fulfill certain purposes (such as to present our website, improve functionalities, statistical web analytics, product optimization, personalization of content).

The cookies we use are either session cookies (these are automatically deleted when you close your browser) or persistent cookies (these remain stored on your end device until a specified expiry date).

The following cookies are generally possible:

• Strictly necessary incl. preferences

Strictly necessary cookies are essential for the safe and reliable operation of our website, in order to be able to transfer and display our website content, to allow you to navigate on the website, or to be able to quickly identify and solve technical problems.

Preference cookies allow you to make the site more enjoyable to use by remembering options you choose (such as language selection) or by providing functionalities you request (such as remembering a selection or performing a function).

These cookies do not require your consent, but their use is based on legitimate interests.

• Statistics
  These cookies enable us to compile statistics and analyses, whereby pseudonymized or anonymized data is collected in order to gain knowledge about the use of the website, to improve our offering, or to quickly detect and remedy technical problems.
• Marketing
  They enable the display of personalized content by recording and analyzing your usage behavior. This is also done outside our websites, in that these cookies can track you. As part of this, cookies of third-party providers are also used and (pseudonymized) data of your surfing behavior is passed on, evaluated, and used by them.

You can find out which specific cookies are used on our websites by means of informative banners on the respective websites. If only functional cookies are used, we will inform you accordingly by means of a cookie info banner or by means of this Privacy Policy. With the exception of necessary and preference cookies, you decide which other cookies are used. We have placed cookie consent banners on our websites for this purpose.

You can change your selection at any time.
For information on the data processing of third-party providers whose cookies you can consent to when using our websites, please refer to their data protection declarations.

Please note that you can set the common browsers in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages cookie settings. The help menu of each browser explains how you can change your cookie settings. We cannot guarantee that you will be able to access all functions of our websites without restriction if you do not allow cookies. We recommend that you regularly delete your cookies and browser history manually.

Google Tag Manager (a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google" as the controller in the EU, the EEA and Switzerland) is used on our websites. That way, it is possible to manage website-tags. Tags are little pieces of code on the website that facilitate using Google's implemented services. No data is processed by Google Tag Manager alone, but it does allow cookies to be set. 

In addition, Google Analytics ("GA") and Google Signals (which are likewise Google services) are also used on our websites. GA enables cookies to be set with the aim of analysing the use of our websites by the user and improving their functions. Google Signals collects additional information about Users who have activated personalized displays (interests and demographic data). This allows shipping displays to such Users in cross-device remarketing-campaigns. To that purpose, various data and information about the usage and its Users are collected and generally sent to a Google server in the USA, where that data is stored. 

Abacus uses Google Analytics exclusive with the extension “anonymizeIp(),” which is designed to prevent any direct personal reference. That extension is used by Google to truncate the IP address within EU Member States or other Contracting States to the EEA Agreement. Only in exceptional cases is the full IP-address sent to a Google server in USA and truncated there. According to Google, the IP address sent by the browser within GA will not be combined with other Google data.

During a visit, User behaviour is recorded in the form of "events". Events can be: 

• Page views
• First visit to the website
• Start of the session
• Websites visited
• "Click path", interaction with the website
• Scrolls (whenever a user scrolls to the end of the page (90%))
• Clicks on external links
• internal search queries
• Interaction with videos
• File downloads
• Viewed / clicked adverts
• Language setting
• The following is also recorded:
• Approximate location (region)
• Date and time of the visit
• IP address (in abbreviated form)
• Technical information about the browser and the end devices used (e.g. language setting, screen resolution)
• Internet provider
• Referrer URL (via which website/advertising medium this website was accessed) 

Google uses this information to analyse the pseudonymous use of a user and to compile reports on activities. 

Recipients of the data are/may be 

• Google Ireland Limited (cf. above)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

This is a US-American company, so there is the possibility that data might also be processed in the USA. Both the EU and Switzerland have issued positive adequacy decisions regarding the USA, after entering into a Swiss/EU-US Data Privacy Framework. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

We automatically delete the data within the scope of Google Analytics after 14 months of its collection, once a month.

The storage of cookies can be disabled by the corresponding setting in the browser-software. In such a case, however, it is possible that not all functions of our website can be used to their full extent. You can also prevent the transmission of the data generated by the cookies and related to the use of websites (including the IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link. The same procedure should then be followed on all the devices used.

The current link is https://tools.google.com/dlpage/gaoptout?hl=en

Please note that if all cookies are deleted, you will need to perform steps outlined above again to prevent the use of GA.

Here you will find the current terms of use of GA: Google Analytics Conditions

You can find Google's current privacy policy here: https://policies.google.com/privacy?hl=en

We use the DNS service and the Content Delivery Network (CDN) of Cloudflare (Cloudflare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA) to provide our websites quickly and securely. With the DNS service, the information transfer between your browser and our website is routed via the Cloudflare network. In this way, Cloudflare can analyse the data traffic between you and our websites to detect and ward off attacks on our website, for example. 

With CDN, data from our website (such as videos) is loaded into Cloudflare CDN nodes. This means that our websites are more secure and load faster on the user side.

This is in our legitimate interest to provide our websites securely and quickly. Cloudflare collects statistical data about visits to our websites: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, visitor's operating system, referrer URL, IP address and requesting provider. This data is used for statistical evaluations for the purpose of the operation, security and optimisation of Cloudflare's offering. 

Further information and Cloudflare's privacy policy can be found at https://www.cloudflare.com/privacypolicy/

Cloudflare is a US-American company, so there is the possibility that data might also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

To protect our systems from bots and possible spam, we have integrated reCAPTCHA from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 5, Ireland) on certain registration and login forms. This allows us to distinguish whether we are receiving a registration or login from a human or whether there is improper processing by an automated, machine program (e.g. a bot). For this purpose, certain entries are required before registration or login so that verification is possible. In addition, your IP address and, if applicable, other data such as the website that you visit with us and on which reCAPTCHA is integrated, the date and the time spent on our website, the identification data of the browser and operating system type, your Google account if you are logged into Google, mouse movements on the reCAPTCHA areas as well as the tasks in which you identify images are also required by Google for reCAPTCHA. They are sent to Google and processed by them. The analysis starts automatically as soon as you open the website with reCAPTCHA. We use reCAPTCHA from Google to ensure the security of our systems. Data and documents uploaded via a form are stored directly in our systems. If we did not install such a security tool, bots would be able to log on to our systems unhindered. This is how we protect ourselves from unwanted and dangerous automated calls. It is in our legitimate interest to protect our system security.

If you would like to know more about reCAPTCHA or how Google processes data, you can find out more directly from Google here:

Privacy policy https://policies.google.com/privacy
Terms of use https://policies.google.com/terms

We use Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. We have carefully selected this contracted service provider, the server location of QuestionPro GmbH is in Denmark, which as an EU member state has an appropriate level of data protection. There are no data transfers to third countries (such as the USA). 

Mouseflow is used to analyse our websites and their visitors and to improve our web presence. For this purpose, data is collected and stored for marketing and optimisation purposes. The data collected can be used to create pseudonymised user profiles. Cookies can be used to make this possible. 

With the exception of necessary and preference cookies, you decide which other cookies are used. We have placed cookie consent banners on our websites for this purpose.

You can change your selection at any time. Details on the cookies we use can be found in the section "What cookies are there?".

Selected individual visits (exclusively with anonymised IP addresses) are recorded and a log of mouse movements and clicks during the visit to the website is created. This protocol is used to derive potential improvements for the website. The data collected with Mouseflow will not be used to personally identify visitors and will never be merged with personal data about the bearer of the pseudonym without the visitor's separate consent. The data processing described above is based on our legitimate interests in customising the website. 

Further information on the purpose and scope of data collection and its processing can be found in Mouseflow's privacy policy at: https://mouseflow.com/legal/visitor/. There you will also find further information on your rights and setting options to protect your privacy. Further information on your rights in relation to our data processing can be found in the section "Your rights".

You can deactivate the recording on all websites that use Mouseflow globally for the browser you are currently using at any time by clicking on the following link: https://mouseflow.com/opt-out/. 

In the following, we will show you how we would like to provide you with advertising information within the framework of legal requirements.

Newsletter
With us you have the possibility to subscribe to a newsletter. In the following we explain the procedure involving newsletters.

• Content of the individual newsletter: We only send emails with promotional information (hereinafter "newsletter") with your consent. Our newsletters contain information about our products, services and achievements of the companies of the Abacus Group. Automated processing: Web beacons are used in our newsletters. These are small, unrecognisable embedded images or objects (such as clear GIF, pixel tags and single pixel GIFs) that return information from you after you open the email you receive. In this way, we can measure success to compile statistics for the popularity of our offer. It also allows us to evaluate your user behaviour accordingly. We also store information about the browser you are using and the settings you have made in the operating system you are using, as well as information about the internet connection you are using to access our website. Through the newsletter sent to you, we receive, among other things, receipt and read confirmations as well as information about the links you have clicked on in our newsletter. Through this data processing (performance measurement), we aim to align our advertising approach to your interests and optimise our information on our website.
• Consent: The dispatch of the newsletter and the associated performance measurement is based on your consent when registering for the newsletter.
• Registration procedure and logging: To ensure that no one can register with other people's email addresses, you will receive an email asking you to confirm your registration. This confirmation is necessary to receive the newsletter. If the registration is not confirmed within 4 days, the information will subsequently be deleted. Registrations for the newsletter are logged to be able to prove the registration process in accordance with the legal requirements and to clarify any possible misuse of your data. This includes the storage of the login and confirmation time as well as the IP address. Changes to your stored data are also logged.
• Login data: To subscribe to the newsletter, all you need to do is enter your email address. Optionally, you can enter a name for the purpose of a personal address in the newsletter.
• Recall: You can stop receiving a newsletter at any time, i.e. withdraw your consent, by sending an email to [email protected] and clicking on the unsubscribe link in the newsletter or through the contact details provided in the Imprint. You will not incur any costs other than the transmission costs according to the basic rates. You will find a corresponding link for revocation at the end of each newsletter.
• Storage after revocation: We may store unsubscribed email addresses for up to three years to prove consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. Your data will only be used for other purposes after you have withdrawn your consent if you have expressly consented to this or if further processing is justified, about which we will inform you.

Other marketing measures by e-mail
If we have received your e-mail address from you in connection with the sale of a product or the provision of a service and you have not objected to its subsequent use, we reserve the right to use your e-mail address for direct advertising for our own similar products or services that you have already purchased. After considering our interests, these marketing measures serve our legitimate interests in providing promotional information to our existing customers.

The prerequisite is that we will clearly inform you when collecting the e-mail address and each time it is used that you can object to its use at any time (no costs other than the transmission costs according to the basic tariffs will be incurred for this).
Commissioned service providers for marketing measures
Marketing measures by email can be carried out by commissioned service providers. For this purpose, we will pass on your data, such as your e-mail address, to them. These commissioned service providers have been carefully selected and commissioned by us; they are bound by our instructions and are regularly monitored. They receive data only to the extent necessary to fulfil the specifically agreed order processing. Suitable guarantees are used to ensure an appropriate level of data protection for data transfers abroad.

We use the mailXpert service from mailXpert GmbH, Schulstrasse 37, 8050 Zurich, Switzerland, among others, to send newsletters. The data required for this is transferred to a server at mailXpert GmbH with a location in Switzerland. We also use Mailgun from Mailgun Technologies Inc, 112 E Pecan St., 1135, San Antonio, TX, 78205, USA. The data required for this is transferred to a Mailgun server in the EU. Newsletters are sent with your consent or based on our legitimate interests in providing our existing customers with promotional information.

Further information and the respective privacy policy can be found at https://www.mailxpert.ch/datenschutzfor mailXpert and https://www.mailgun.com/legal/privacy-policy/ for Mailgun.

We are happy to provide information about our other commissioned service providers upon request. You can object to marketing measures at any time by sending an email to [email protected] by clicking on the unsubscribe link in the email or by contacting the contact details given in the Imprint. You will not incur any costs other than the transmission costs according to the basic rates. You will find a corresponding link to the opting out at the end of each such email.
Telephone and postal advertising
We reserve the right to use your first and last name as well as your telephone number and postal address for our own advertising purposes in order to be able to send you interesting offers about us, our products, services or events organised by us by telephone or by post. Advertising information will only be provided by telephone with your presumed consent. After considering our interests, the information approach by letter serves our justified interests in addressing our customers and potential interested parties. We will check and respect a possible advertising objection (in addition through a star entry in public telephone directories) in advance.

Promotional letter mail can be processed and sent by a commissioned service provider. For this purpose, we will pass on name and address data to them. This contracted service provider is carefully selected and commissioned by us, is bound by our instructions and is regularly monitored. We are happy to provide information about our commissioned service provider upon request.
Objection to advertising information and revocation of consent
You can revoke your consent to be contacted for advertising information or object to the storage and use of your data for the above-mentioned purposes at any time by sending a message to [email protected] or by contacting the contact details given in the Imprint. You will not incur any costs other than the transmission costs according to the basic rates. After that, your contact details (e.g. from the newsletter) will be deleted.  After that, your contact details (e.g. from the newsletter) will be deleted. Further processing of your data remains possible insofar as its use is further permitted or permitted by law.

Forwarding of data for advertising information
Your contact details may be passed on to another company of the Abacus Group in Switzerland or Germany as well as to our solution partners. Promotional information will be carried out within the framework of legal requirements. If you have given your consent, if necessary, to a promotional information (e.g. by newsletter), and also to a transfer of personal data for this purpose to a company of the Abacus Group or one of our sales or solution partners, this may be used for the corresponding promotional information by the authorised party.

Some companies in the Abacus Group maintain company presences on LinkedIn, Xing, YouTube, Instagram and Facebook. Our websites contain links to our company presence on these platforms.

There we can see all the information that visitors voluntarily provide to our corporate presence on this platform by either liking one of our posts or posting a comment. Your data will also be processed if you communicate with us within this platform, e.g. write articles on the various online presences or send messages.

In addition, we are provided with statistical data on visitors to our company website on the respective platform in our admin account. This includes data evaluating visitors' interactions with our respective posts, a follower demographic and its origin, as well as web traffic and activity on our corporate presence on the platform. We are not able to view any personal data of the visitors, but only general data without any personal reference.

Further data processing carried out by the respective platform operator during your visit to the platform is not subject to this Privacy Policy, but to their own Privacy Policy. Nevertheless, we check our company presence on this platform at regular intervals for possible violations of the law to be able to take immediate action.

We have no influence on the data collected and data processing operations by the platform operator. They store the data collected about you as a usage profile and uses this for the purposes of advertising, market research, and/or designing the website to meet your needs. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the network about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact the respective platform operator directly to exercise this right.

Data processing by the platform operator after use of a link on our website takes place regardless of whether you have a user account there and are logged in there. If you are logged in, your data will be directly assigned to your user account. We recommend that you log out regularly after using such a platform, as this allows you to avoid being assigned to your profile.

For further information on the purpose and scope of data collection and processing, please refer to the respective Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy.

LinkedIn:
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA
http://www.linkedin.com/legal/privacy-policy

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

LinkedIn is a US-American company, so there is the possibility that data might also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

Xing:
XING Luxembourg, XING S.á r.l., 9, Avenue Guillaume, 1651 Luxembourg, Luxembourg
https://privacy.xing.com/en 

Kununu:
kununu GmbH, Neutorgasse 4-8, Top 3.02, 1010 Vienna, Austria
The data protection provisions of Xing apply to Kununu.

YouTube by Google LLC: https://policies.google.com/privacy?hl=de&gl=de

LinkedIn is a US-American company, so there is the possibility that data might also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

Facebook and Instagram from Meta Platforms (formerly Facebook): 
Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, U.S
https://www.facebook.com/privacy/center 
Meta Platforms Inc. is a US-American company, so there is a possibility that data could also be processed in the USA.

Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

On our websites, we have integrated the YouTube video player from Google Ltd (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google") to offer YouTube videos for the presentation of editorial content on some of our websites, which are also stored on YouTube and can be played directly from our websites. This is done for the optimal presentation of our products and services, which is in our legitimate interest.

To protect your data, these YouTube videos are integrated in "extended data protection mode" (YouTube nocookies). YouTube informs you that no information about visitors to this website is stored until they watch the video.  However, this does not necessarily exclude the transfer of data to YouTube partners, such as those of the Google Double-Click network.

By visiting our website on which a YouTube video is embedded, Google at least receives the information that you have accessed the corresponding subpage of our website with the embedded video. In addition, information and data such as server log files, IP address and user agent are transmitted at the latest when the video is accessed. This takes place regardless of whether you have a YouTube user account through which you are logged in or whether no user account exists. If you are logged in, this data will be directly assigned to your user account.

When the video is accessed, YouTube uses various cookies and other tracking technologies. Google then stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customised website design. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of customised advertising and to inform other users of the network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google directly to exercise this right.

For further information on the purpose and scope of data collection and processing, please refer to Google's Privacy Policy. There you will also receive further information about your rights and setting options to protect your privacy: https://policies.google.com/privacy

As the parent company of Google, Google LLC. is an US-American company, so there is a possibility that data could also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

We have embedded the Vimeo video player from Vimeo. (Vimeo, Inc. 555 West 18th Street, 10011 New York, USA, hereinafter “Vimeo”) into some of our websites to present editorial content in the form of videos, which are also stored on Vimeo and can be played directly from our websites. This is done for the optimal presentation of our products and services, which is in our legitimate interest.

A connection to the Vimeo servers is established when you view one of these videos. In doing so, Vimeo receives the information that you have accessed the corresponding subpage of our website containing the embedded video and the IP address. Vimeo is set up so that your user activities are not tracked, and no cookies are set.

Further information on the purpose and scope of data collection and processing can be found in Vimeo’s Privacy Policy. There you will also receive further information about your rights and setting options to protect your privacy: https://vimeo.com/privacy

Vimeo, Inc. is an US-American company, so there is the possibility that data might also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

Our websites may contain links to external websites of other companies outside Abacus. This Privacy Policy does not extend to the websites of these other companies. When using these websites, the data protection declarations of these companies must be observed as far as their data processing is concerned. Nevertheless, we check these websites at regular intervals to remove the link immediately in the event of possible infringements. If you have any indications of possible legal violations on the pages linked by us, we ask you to inform us so that we can stop a possible connection.

If you click on such links, your data may be transferred to companies in countries outside Switzerland, the EU and the EEA that do not ensure an adequate level of protection for the processing of personal data. Please remember this before you click on a link and thereby trigger a possible transfer of your data.

In the following, we would like to inform you about the data processing that we carry out as a company within the scope of our business operations.

What data is processed and where does it come from?
We process data from our employees, customers, suppliers, applicants, interested parties, other business partners, or third parties and their employees. This data is either provided by the data subject or the respective company itself or we receive it from another company of the Abacus Group, from third parties such as other business partners (e.g. customers, suppliers or other service providers), public authorities or from publicly accessible sources (e.g. public telephone, address and trade directories, public notices or databases, the Internet, trade, cooperative or association registers).

The data provided by you or the relevant company, for example when making an enquiry, registering, obtaining a quote, entering into a contract, completing a questionnaire or otherwise communicating with us, may be as follows:

• Contact details including full name, position, company, address, telephone, email address
• Contractual data arising from pre-contractual measures or the fulfilment of a contract, including delivery data
• Payment data, including bank details, payment history, credit card data, debit card data, access data, as well as other data for smooth payment transactions
• Content data including entries in our CRM or project system, in contact forms, data of a communication made via email or another form of communication
• Registration data (such as username and password) when using offers requiring registration or login
• Data for the prevention of fraud, money laundering or other criminal offences
• All data in connection with an application or employment as an employee about the profession, the previous employer, the professional career including certificates and further training, all data that are provided or may be legitimately collected and processed in the context of an application procedure or employment relationship
• Sensitive data such as health data, which is only collected by us with the explicit, prior consent of the data subject, which can be revoked at any time, or where there is a legal obligation to process it
• Data on the company for which a person works
• Data as described above when using one of our websites

Data obtained through other companies, public authorities or publicly available sources, such as:

• Credit information
• Contact data (name, company, postal addresses, email addresses, telephone numbers, publicly accessible data as can be seen in the commercial register) from credit agencies that are used within the legal framework for an advertising information.
• Data from banks or insurance companies in connection with the fulfilment of a legal or contractual obligation
• Data from judicial or official proceedings
• References from previous employers or business partners
• Data relating to fraud and money laundering prevention or screening in relation to export restrictions (e.g. to comply with anti-terrorism legislation)
• Data from publicly accessible sources such as the internet, the press or public registers such as the commercial register

For what purposes is data processed and on what legal basis?
Data is processed for different purposes and based on different legal bases:

• Carrying out pre-contractual measures in the context of an application or in connection with the conclusion of contracts with customers or other business partners, such as when preparing an offer. Due to their function at the contractual partner, data of their employees is also processed, in which we have the legitimate interest of a successful business development
• Processing of employee data based on contract, legal obligation, given consent or legitimate interests
• Provision of contractual services and customer care in the fulfilment of contracts, implementation of contractual measures, payments and accounting, guarantee of contractual claims. Due to their function at the contractual partner, data of their employees is also processed, in which we have the legitimate interest of a successful business development
• Processing of contact requests based on the legitimate interest of customer satisfaction or pre-contractual measures
• Communication with the media based on a legitimate interest in successful business development
• Sending personalised newsletters, carrying out other marketing measures, sending Christmas mail/gifts as well as internal market and opinion research to provide customers in an advertising manner about our companies, products and services in order to increase sales after consent has been granted or in special cases due to justified interests in direct marketing within the framework of existing legal requirements
• Exchange information and maintain contact with the press on the basis of legitimate interests of successful business development
• Improvement of our online offers, products, and services due to legitimate interests of a successful business development
• Collection of data from publicly accessible sources on the basis of legitimate interests for customer acquisition
• To establish, maintain and protect the operation and security of our IT, online offering, products, services and other offerings, based on legitimate interests to prevent potential security threats, criminal offences, or other adverse activities
• Video surveillance to safeguard domiciliary rights and damage prevention and other IT security measures to protect persons, intangible assets and tangible assets
• Compliance with internal policies or industry standards due to legitimate interests to comply with specified regulations
• Enforcing contracts, settling, asserting or defending legal claims in judicial or official proceedings based on our legitimate business interests
• Mergers, transfers, and acquisitions of companies, parts thereof or business divisions, as well as other transactions under company law, including the transfer of data based on legitimate interests of successful business development or after consent has been granted
• Provision of certain online services for the management of customers and business partners and communication in the context of the use of online services requiring registration (including orders, payments, document management, other information) based on legitimate business interests
• Enabling participation in interactive functions of our online offer due to legitimate interests upon request
• Obtaining references as part of an application procedure after consent has been given
• Verification of identity to be able to fulfil rights and obligations under data protection law, due to legal obligation
• Credit assessments based on (pre-) contractual relationships or after consent has been given
• Other data processing after consent has been given
• Fulfilment of legal obligations and due diligence for the prevention or investigation of criminal offences, economic crime or money laundering
• To fulfil the purposes which you specified when you provided the data or that we notified you of when we collected the data
• In addition, data from different sources are brought together, which can also be processed for the purposes listed above. This allows us to compare, match and use customer or Abacus partner data from the individual companies within the Abacus Group and manage it in a central system. For current and correct delivery and address data, we may match existing data with other sources, correct it if necessary and use it; this is due to legitimate business interests

As a company, we use various tools from companies in the USA, whereby we take care to contractually agree storage locations in Switzerland or the EU with these companies wherever possible. Nevertheless, data may be sent to their servers in the USA during use or in cases of support. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies.

For data processed in a Third Country that lacks an adequate level of data protection, we provide suitable safeguards, such as entering into standard data protection clauses (with adjustment of the necessary contractual and technical measures), to ensure lawful data transmission to foreign countries. We resort to legally permissible exceptions only in isolated cases, such as allowing data transmission to a Third Country that lacks an adequate level of data protection based on express consent by the data subject.

In principle, we process and store your data for as long as is necessary and permissible for the purposes for which we received the data. Specifically, this means that we will retain your data for as long as we have a (business) relationship with you or the company for which you work, when you use our website, when you are employed, when you send us newsletters, when we perform a contract or a continuing obligation, for as long as you have given us permission to store the data, for as long as any obligations exist or are owed to us, for as long as a particular legal situation requires, such as with regard to legal disputes, limitation periods or official investigations, or for as long as you were notified when the data was collected.

In addition, legislation has provided for a variety of documentation and retention obligations and periods, so that if such a legal obligation for retention or documentation exists, we also store data - possibly limited - for a correspondingly long period of time. In Switzerland, for example, there are retention obligations under tax or commercial law of up to 10 years, as well as possible retention obligations of 30 years due to existing statutes of limitation, plus obligations under special laws. For this reason, an examination of the respective storage period takes place in each individual case for the corresponding data processing.

After exercising your right of revocation or objection, after the stated purposes have been achieved or after the expiry of existing tax or commercial law, other legal or contractual documentation and storage obligations and periods, we will delete your data or, if permissible, restrict its processing, unless you have consented to further use of your data or we have expressly reserved the right to use data beyond this, as permitted by law or contract, about which we will inform you accordingly.

If you use areas that require you to register or to log in, you should store the login data and make sure it is not accessible to third parties. If you log in from computers or other devices that are used by multiple people, please remember to properly log out after each session and close the browser window you are using.

We take data security very seriously and treat your data confidentially and in accordance with the statutory provisions. To this end, we have taken technical and organisational measures to ensure a level of protection appropriate to the risk. These measures may include the pseudonymisation and encryption of data, security measures relating to the confidentiality, integrity, availability and resilience of systems, the ability to rapidly restore the availability of and access to data in the event of a physical or technical incident, and the regular review, assessment and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing. That way, we provide your data with state-of-the-art protection against loss, misuse, change, destruction and unauthorized access. Our standard of security is constantly upgraded to the latest technological developments. Our employees and commissioned service providers are bound to confidentiality and act within the framework of our instructions.

It is possible that emails are sent in unencrypted form (i.e. that they are immediately readable without any required prior decryption), especially if you cannot access encrypted emails yourself. Such unencrypted emails are exposed to a greater risk than encrypted emails, which is why we hereby expressly advise you not to send any confidential information such as application documents without encryption.

When using website forms or in the context of email communication with us, your data will be transmitted encrypted according to the current state of the art when it is sent. Our website including the areas requiring registration and login are secured (https). Bear in mind that online security gaps can never be ruled out completely. We cannot guarantee 100% security of all systems, especially when using our websites. We assume no liability for wrongful actions by authorized third parties.

In the application procedure, data is used in the context of partially automated processing according to certain criteria in order to evaluate personal aspects of an applicant (profiling). We use these assessments to make a prediction of suitability for employment. However, the decision on employment is made by the respective line managers and employees in the HR department.

As a matter of principle, when concluding a contract or executing it, no decisions are made exclusively on the basis of automated processing which would produce legal effects against you, or which would significantly affect you in a similar way. We will inform you in advance if this should take place in individual cases and ensure that data processing is lawful.

It is possible that different law applies to certain data processing. Thus, it must be examined in each individual case whether the Federal Act on Data Protection (FADP), the Data Protection Ordinance (DPO) as well as national law of Switzerland or another, foreign law such as the General Data Protection Regulation and the national law of another state is applicable to data subjects. Abacus checks this for each individual case and will carry out the data processing that takes place within the framework of the respective legal requirements.

You are entitled to the following rights about your data, insofar as we have been able to duly establish your identity and the respective conditions for this are met:

• Right to information
• Right of rectification
• Right to erasure
• Right to destruction
• Right to restrict processing
• Right to object to processing
• Right to data portability or transfer

Furthermore, you have the right to assert your claims in court and to complain to a data protection supervisory authority about the processing of your data by us.

Here you can find a list of authorities in the EEA: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

We will comply with your request for deletion unless it conflicts with a required retention of data or we need the data to assert, exercise or defend our legal claims.

You can revoke your consent to the processing of your data at any time for the future. Such a revocation shall not affect the lawfulness of the processing carried out based on the consent until the revocation.

If we base the processing of your data on our legitimate interests or those of a third party following a balancing of interests, you may object to such processing. In such a case, we will review your objection and either stop or adapt the data processing or show you our compelling interests worthy of protection why we want to continue the processing. These must override your interests, rights and freedoms or the processing must serve the assertion, exercise or defence of legal claims.

Should we process your data to conduct direct advertising with it, you have the right to object to this processing of your data for the purpose of direct advertising at any time. This also applies to any profiling that may take place if it relates to such direct advertising. In such a case, we will stop this data processing.

You are not obliged to provide us with your data. However, it is possible that certain functions of our website will not be available or will only be available to a limited extent if you do not provide any data. Furthermore, it is possible that no contractual relationship can be entered into with you without the corresponding data.

If you have any questions about data protection or if you wish to exercise your rights, withdraw consent or object to data processing, please contact us using the contact details provided above under "Responsible parties".

We have appointed a Data Protection Officer. They can be reached at [email protected]

If you have any questions about data protection, you may contact us at any time.

This Privacy Policy is subject to periodic review and may be amended, if necessary, in the event of legal or technical changes or due to new or revised services, at any time with effect for the future without prior notice. For this reason, we ask you to read this Privacy Policy at regular intervals to be aware of possible changes.